http://wiki.6bit.ch/api.php?action=feedcontributions&feedformat=atom&user=Xbl
6bit.ch wiki - User contributions [en]
2026-05-10T14:41:47Z
User contributions
MediaWiki 1.37.1
http://wiki.6bit.ch/index.php?title=Very_Windy&diff=356
Very Windy
2026-04-30T08:56:18Z
<p>Xbl: /* Deploy */</p>
<hr />
<div>= lvm procedure =<br />
<nowiki>Die VM-Disk /dev/sda wurde vergrössert<br />
1. Ist Zustand prüfen<br />
lsblk<br />
2. Disk "sda" neu einlesen<br />
echo 1 > /sys/block/sda/device/rescan<br />
3. Partition vergrössern<br />
growpart /dev/sda 3<br />
4. PV überprüfen<br />
pvs<br />
4a. allenfalls physical volume vergrössern<br />
pvresize /dev/sda3<br />
5. VG überprüfen<br />
vgs<br />
6. LV vergrössern und Filesystem vergrössern<br />
lvresize -rL+50G /dev/mapper/system-docker<br />
lvextend -rl +100%FREE /dev/mapper/vm208-root</nowiki><br />
<br />
== git ==<br />
<code>git submodule update --init</code> Submodule laden<br><br />
<code>git submodule update --init --recursive</code> Submodule laden (rekursiv)<br><br />
<code>git submodule update --remote</code> Submodule laden (remote)<br><br />
<br><br />
<code>git submodule update</code> Submodule aktualisieren<br><br />
<br><br />
Append information after commit:<br><br />
<code>git commit --amend --author "Ueli Hans<hans.ueli@uelihans.ch>"</code><br><br />
<br><br />
Temporarily store current changes and revert to latest pull:<br><br />
<code>git stash</code><br><br />
Go back to stashed changes:<br><br />
<code>git stash pop</code><br />
<br />
== openssl ==<br />
Check CSR:<br><br />
<code>openssl req -in sample.csr -noout -text</code><br><br />
<br><br />
Bash to check private key against certificate (checkssl.sh):<br />
<nowiki>cn=files/reverseproxies/etc/haproxy/certs/www.sexybit.sh<br />
crt="${cn:?Common Name fuer Key und Cert nicht angegebe...}.crt"<br />
key="$cn.key"<br />
<br />
crtmd5=$( openssl x509 -noout -modulus -in "$crt" | openssl md5 ) ; \<br />
keymd5=$( openssl rsa -noout -modulus -in "$key" | openssl md5 ) ; \<br />
\<br />
echo "crt: $crtmd5" ; echo "key: $keymd5" ; printf "Dateien: \"$crt\" & \"$key\" -- " ; \<br />
[ "$crtmd5" = "$keymd5" ] && echo "passen zusammen :)" || echo "passen NICHT zusammen :("</nowiki><br />
<br />
== ansible ==<br />
<code>ansible-playbook -C -D playbooks/all.yml -u $USER -t nginx</code> -C (check, dry run), -D (diff, show differences) -u <remote user> -t <tags><br><br />
Tags let you run only specific tagged tasks in a playbook instead of executing everything. Multiple tags can be comma-separated.<br><br />
Tags can be skipped with <code>--skip-tags <tags></code><br><br />
Tasks tagged 'always' will run no matter what tags are selected.<br><br />
Tasks tagged 'never' only run if explicitly requested with <code>-t never</code><br><br />
<br />
== ln ==<br />
<code>ln -s ../files</code><br />
<br />
== curl ==<br />
<code>curl -vvv</code> verbose verbose verbose<br><br />
<code>curl -v --resolve windy.verywindy.ch:443:192.168.161.1 https://windy.verywindy.ch</code> check connection with hardcoded dns<br><br />
<code>curl -x sexybit.sh https://apod.nasa.gov</code> check connection with proxy<br><br />
<code>curl -L https://apod.nasa.gov</code> follow redirects<br />
<br />
== New Systems ==<br />
Size: 2CPU, 2G RAM, 40G Disk<br><br />
VG Name: system<br><br />
/: 10G<br><br />
Swap: 4G<br><br />
/var-log: 4G<br><br />
<br />
dns: 10.8.3.74 / 10.8.3.174<br><br />
http://mirror.nat.srv.ch/2025/q4/ubuntu<br />
<br />
== IPTables / firewalld ==<br />
<nowiki><?xml version="1.0" encoding="utf-8"?><br />
<direct><br />
<rule ipv="ipv4" table="filter" chain="INPUT" priority="0">-p tcp --dport 22 -m state --state NEW,ESTABLISHED -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="INPUT" priority="1">-p tcp --dport 21022 -m state --state NEW,ESTABLISHED -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="INPUT" priority="5">-p icmp -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="INPUT" priority="8">-p udp --sport 53 -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="0">-p tcp --sport 22 -m state --state ESTABLISHED -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="1">-p tcp --sport 21022 -m state --state ESTABLISHED -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="5">-p icmp -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="6">-p udp --dport 53 -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="8">-p tcp --dport 80 -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="9">-p tcp --dport 443 -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="12">-p udp --dport 123 -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="56">-p tcp --dport 5665 -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="67">-p udp --dport 67:68 -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="69">-m state --state ESTABLISHED,RELATED -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="99">-j DROP</rule><br />
</direct></nowiki><br />
<br />
Show all direct rules (/etc/firewalld/direct.xml):<br><br />
<code>firewall-cmd --get-all-rules --direct</code><br />
<br />
== Clear root Password / disable root login ==<br />
-d --delete: delete user's password<br><br />
-l --lock: lock user's password<br><br />
<code># passwd -dl root</code><br />
<br />
== Start new git project ==<br />
Create blank repo without README.md<br><br />
Run ansible-init script (cs)<br><br />
<br />
== Monitoring ==<br />
icinga-Server verbindet sich zum Agent über Port 5665.<br><br />
Bei Wartungen Downtime erstellen.<br><br />
<br />
== Wartung ==<br />
Snapshots nach 1w löschen.<br />
<br />
== upremote ==<br />
<code>$HOME/scripts/</code><br><br />
<code>$HOME/log/</code><br />
<br />
= Check yo shit front to back =<br />
<br />
== Remount /tmp without noexec flag ==<br />
<code>mount -o remount,exec /tmp</code><br />
<br />
== tmux ==<br />
Move window to other pane:<br><br />
<nowiki>Ctrl + b<br />
:move-pane -t X</nowiki><br />
Move window to new pane:<br><br />
<code>Ctrl + b !</code><br />
<br />
== icinga2 ==<br />
Check available commands in Icinga Director / Commands.<br><br />
<br><br />
After editing monitoring parameters in ansible:<br><br />
<code>ansible-playbook -D playbooks/all.yml -t icinga2_agent:update-host</code><br />
<br />
== pfx/pem conversion ==<br />
# Extract the private key (you will be prompted to enter the PFX file password and to set a password for the private key)<br><br />
<code>openssl pkcs12 -in your_certificate.pfx -nocerts -out private_key.key</code><br><br />
<br><br />
# Extract the CRT certificate (you will be prompted to enter the PFX file password)<br><br />
<code>openssl pkcs12 -in your_certificate.pfx -clcerts -nokeys -out certificate.crt</code><br><br />
<br><br />
# (Optional) Remove the password from the private key (you will be prompted to enter the password set for the private key)<br><br />
<code>openssl rsa -in private_key.key -out private_key_nopass.key</code><br><br />
<br><br />
Encryption of private key can be checked with <code># cat private.key</code> (first line)<br />
<br><br />
Use argument <code>-legacy</code> for deprecated ciphers.<br><br />
<br />
Look at certificate:<br><br />
<code>openssl x509 -text -in /home/local/RootCAIII.crt -noout | grep 'Subject:\|Issuer:'</code><br />
<br />
== SFTP für Endkunden freischalten ==<br />
Find high port on mgmt01: <code>nft list ruleset | grep target_host_ip</code><br><br />
Horizon Security Group Rules (mgmt-ssh-forwarding), allow ingress from client_ip<br><br />
<br />
== openstack cli ==<br />
<code>export OS_CLOUD="name"</code><br />
<br />
== icinga2 host vars ==<br />
<code>host_vars/host_name/icinga2.yml</code>:<br><br />
<nowiki>icinga2_agent__host_vars:<br />
mailq:<br />
mailq_servertype: "sendmail"</nowiki><br />
<br />
== mysql ==<br />
<code>mysql <dbname> < /home/doobiean/anUpdate.sql</code> Apply sql stuffs to <dbname> database<br><br />
<code>mysql -e "SHOW DATABASES" | grep 0109</code> look for databases<br><br />
<br />
== ansible-vault ==<br />
<code>ansible-vault encrypt_string <string></code> encrypt <string><br />
<br />
== splunk ==<br />
<code>grep -i "connected to" /opt/splunkforwarder/var/log/splunk/splunkd.log</code> Check connected servers.<br />
<br />
== openDKIM ==<br />
<code>chmod -R ug+x /etc/opendkim</code> If key-permissions are denied, even though they appear to be correct.<br />
<br />
== n1 ==<br />
<code>dig 6bit.ch +short</code><br><br />
<code>whois $(!!)</code><br />
<br />
== digiz0rt ==<br />
=== Standard ===<br />
DNS TXT Record, SSL Cert Business, Platform: Linux<br><br />
=== Special ===<br />
UCC16: Many SANs<br><br />
Wildcard: Wildcard<br><br />
<br />
== icinga2 nginx ==<br />
<nowiki>vim /usr/lib/nagios/plugins/check_nginx_status.pl<br />
use lib '/usr/lib/nagios/plugins';<br />
<br />
chmod 755 /usr/lib/nagios/plugins/utils.pm<br />
ln -s /usr/lib/nagios/plugins/utils.pm /usr/local/lib/nagios/plugins/utils.pm</nowiki><br />
<br />
<br />
== Deploy ==<br />
<code>ansible-playbook -u $USER -b playbook-deploy.yml -l prod --extra-vars "esb_release_tag=v26.8.0 typo3_release_tag=v26.8.0" -D</code> ohne -C<br><br />
<code>vim files/web/srv/*/www/{typo3,esb}/deploy</code> Version check auskommentieren, für Redeploy</div>
Xbl
http://wiki.6bit.ch/index.php?title=Very_Windy&diff=355
Very Windy
2026-04-30T06:57:21Z
<p>Xbl: </p>
<hr />
<div>= lvm procedure =<br />
<nowiki>Die VM-Disk /dev/sda wurde vergrössert<br />
1. Ist Zustand prüfen<br />
lsblk<br />
2. Disk "sda" neu einlesen<br />
echo 1 > /sys/block/sda/device/rescan<br />
3. Partition vergrössern<br />
growpart /dev/sda 3<br />
4. PV überprüfen<br />
pvs<br />
4a. allenfalls physical volume vergrössern<br />
pvresize /dev/sda3<br />
5. VG überprüfen<br />
vgs<br />
6. LV vergrössern und Filesystem vergrössern<br />
lvresize -rL+50G /dev/mapper/system-docker<br />
lvextend -rl +100%FREE /dev/mapper/vm208-root</nowiki><br />
<br />
== git ==<br />
<code>git submodule update --init</code> Submodule laden<br><br />
<code>git submodule update --init --recursive</code> Submodule laden (rekursiv)<br><br />
<code>git submodule update --remote</code> Submodule laden (remote)<br><br />
<br><br />
<code>git submodule update</code> Submodule aktualisieren<br><br />
<br><br />
Append information after commit:<br><br />
<code>git commit --amend --author "Ueli Hans<hans.ueli@uelihans.ch>"</code><br><br />
<br><br />
Temporarily store current changes and revert to latest pull:<br><br />
<code>git stash</code><br><br />
Go back to stashed changes:<br><br />
<code>git stash pop</code><br />
<br />
== openssl ==<br />
Check CSR:<br><br />
<code>openssl req -in sample.csr -noout -text</code><br><br />
<br><br />
Bash to check private key against certificate (checkssl.sh):<br />
<nowiki>cn=files/reverseproxies/etc/haproxy/certs/www.sexybit.sh<br />
crt="${cn:?Common Name fuer Key und Cert nicht angegebe...}.crt"<br />
key="$cn.key"<br />
<br />
crtmd5=$( openssl x509 -noout -modulus -in "$crt" | openssl md5 ) ; \<br />
keymd5=$( openssl rsa -noout -modulus -in "$key" | openssl md5 ) ; \<br />
\<br />
echo "crt: $crtmd5" ; echo "key: $keymd5" ; printf "Dateien: \"$crt\" & \"$key\" -- " ; \<br />
[ "$crtmd5" = "$keymd5" ] && echo "passen zusammen :)" || echo "passen NICHT zusammen :("</nowiki><br />
<br />
== ansible ==<br />
<code>ansible-playbook -C -D playbooks/all.yml -u $USER -t nginx</code> -C (check, dry run), -D (diff, show differences) -u <remote user> -t <tags><br><br />
Tags let you run only specific tagged tasks in a playbook instead of executing everything. Multiple tags can be comma-separated.<br><br />
Tags can be skipped with <code>--skip-tags <tags></code><br><br />
Tasks tagged 'always' will run no matter what tags are selected.<br><br />
Tasks tagged 'never' only run if explicitly requested with <code>-t never</code><br><br />
<br />
== ln ==<br />
<code>ln -s ../files</code><br />
<br />
== curl ==<br />
<code>curl -vvv</code> verbose verbose verbose<br><br />
<code>curl -v --resolve windy.verywindy.ch:443:192.168.161.1 https://windy.verywindy.ch</code> check connection with hardcoded dns<br><br />
<code>curl -x sexybit.sh https://apod.nasa.gov</code> check connection with proxy<br><br />
<code>curl -L https://apod.nasa.gov</code> follow redirects<br />
<br />
== New Systems ==<br />
Size: 2CPU, 2G RAM, 40G Disk<br><br />
VG Name: system<br><br />
/: 10G<br><br />
Swap: 4G<br><br />
/var-log: 4G<br><br />
<br />
dns: 10.8.3.74 / 10.8.3.174<br><br />
http://mirror.nat.srv.ch/2025/q4/ubuntu<br />
<br />
== IPTables / firewalld ==<br />
<nowiki><?xml version="1.0" encoding="utf-8"?><br />
<direct><br />
<rule ipv="ipv4" table="filter" chain="INPUT" priority="0">-p tcp --dport 22 -m state --state NEW,ESTABLISHED -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="INPUT" priority="1">-p tcp --dport 21022 -m state --state NEW,ESTABLISHED -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="INPUT" priority="5">-p icmp -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="INPUT" priority="8">-p udp --sport 53 -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="0">-p tcp --sport 22 -m state --state ESTABLISHED -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="1">-p tcp --sport 21022 -m state --state ESTABLISHED -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="5">-p icmp -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="6">-p udp --dport 53 -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="8">-p tcp --dport 80 -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="9">-p tcp --dport 443 -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="12">-p udp --dport 123 -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="56">-p tcp --dport 5665 -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="67">-p udp --dport 67:68 -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="69">-m state --state ESTABLISHED,RELATED -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="99">-j DROP</rule><br />
</direct></nowiki><br />
<br />
Show all direct rules (/etc/firewalld/direct.xml):<br><br />
<code>firewall-cmd --get-all-rules --direct</code><br />
<br />
== Clear root Password / disable root login ==<br />
-d --delete: delete user's password<br><br />
-l --lock: lock user's password<br><br />
<code># passwd -dl root</code><br />
<br />
== Start new git project ==<br />
Create blank repo without README.md<br><br />
Run ansible-init script (cs)<br><br />
<br />
== Monitoring ==<br />
icinga-Server verbindet sich zum Agent über Port 5665.<br><br />
Bei Wartungen Downtime erstellen.<br><br />
<br />
== Wartung ==<br />
Snapshots nach 1w löschen.<br />
<br />
== upremote ==<br />
<code>$HOME/scripts/</code><br><br />
<code>$HOME/log/</code><br />
<br />
= Check yo shit front to back =<br />
<br />
== Remount /tmp without noexec flag ==<br />
<code>mount -o remount,exec /tmp</code><br />
<br />
== tmux ==<br />
Move window to other pane:<br><br />
<nowiki>Ctrl + b<br />
:move-pane -t X</nowiki><br />
Move window to new pane:<br><br />
<code>Ctrl + b !</code><br />
<br />
== icinga2 ==<br />
Check available commands in Icinga Director / Commands.<br><br />
<br><br />
After editing monitoring parameters in ansible:<br><br />
<code>ansible-playbook -D playbooks/all.yml -t icinga2_agent:update-host</code><br />
<br />
== pfx/pem conversion ==<br />
# Extract the private key (you will be prompted to enter the PFX file password and to set a password for the private key)<br><br />
<code>openssl pkcs12 -in your_certificate.pfx -nocerts -out private_key.key</code><br><br />
<br><br />
# Extract the CRT certificate (you will be prompted to enter the PFX file password)<br><br />
<code>openssl pkcs12 -in your_certificate.pfx -clcerts -nokeys -out certificate.crt</code><br><br />
<br><br />
# (Optional) Remove the password from the private key (you will be prompted to enter the password set for the private key)<br><br />
<code>openssl rsa -in private_key.key -out private_key_nopass.key</code><br><br />
<br><br />
Encryption of private key can be checked with <code># cat private.key</code> (first line)<br />
<br><br />
Use argument <code>-legacy</code> for deprecated ciphers.<br><br />
<br />
Look at certificate:<br><br />
<code>openssl x509 -text -in /home/local/RootCAIII.crt -noout | grep 'Subject:\|Issuer:'</code><br />
<br />
== SFTP für Endkunden freischalten ==<br />
Find high port on mgmt01: <code>nft list ruleset | grep target_host_ip</code><br><br />
Horizon Security Group Rules (mgmt-ssh-forwarding), allow ingress from client_ip<br><br />
<br />
== openstack cli ==<br />
<code>export OS_CLOUD="name"</code><br />
<br />
== icinga2 host vars ==<br />
<code>host_vars/host_name/icinga2.yml</code>:<br><br />
<nowiki>icinga2_agent__host_vars:<br />
mailq:<br />
mailq_servertype: "sendmail"</nowiki><br />
<br />
== mysql ==<br />
<code>mysql <dbname> < /home/doobiean/anUpdate.sql</code> Apply sql stuffs to <dbname> database<br><br />
<code>mysql -e "SHOW DATABASES" | grep 0109</code> look for databases<br><br />
<br />
== ansible-vault ==<br />
<code>ansible-vault encrypt_string <string></code> encrypt <string><br />
<br />
== splunk ==<br />
<code>grep -i "connected to" /opt/splunkforwarder/var/log/splunk/splunkd.log</code> Check connected servers.<br />
<br />
== openDKIM ==<br />
<code>chmod -R ug+x /etc/opendkim</code> If key-permissions are denied, even though they appear to be correct.<br />
<br />
== n1 ==<br />
<code>dig 6bit.ch +short</code><br><br />
<code>whois $(!!)</code><br />
<br />
== digiz0rt ==<br />
=== Standard ===<br />
DNS TXT Record, SSL Cert Business, Platform: Linux<br><br />
=== Special ===<br />
UCC16: Many SANs<br><br />
Wildcard: Wildcard<br><br />
<br />
== icinga2 nginx ==<br />
<nowiki>vim /usr/lib/nagios/plugins/check_nginx_status.pl<br />
use lib '/usr/lib/nagios/plugins';<br />
<br />
chmod 755 /usr/lib/nagios/plugins/utils.pm<br />
ln -s /usr/lib/nagios/plugins/utils.pm /usr/local/lib/nagios/plugins/utils.pm</nowiki><br />
<br />
<br />
== Deploy ==<br />
<br />
<code>ansible-playbook -u $USER -b playbook-deploy.yml -l prod --extra-vars "esb_release_tag=v26.8.0 typo3_release_tag=v26.8.0" -D</code> ohne -C<br></div>
Xbl
http://wiki.6bit.ch/index.php?title=Very_Windy&diff=354
Very Windy
2026-04-09T15:05:45Z
<p>Xbl: /* icinga2 nginx */</p>
<hr />
<div>= lvm procedure =<br />
<nowiki>Die VM-Disk /dev/sda wurde vergrössert<br />
1. Ist Zustand prüfen<br />
lsblk<br />
2. Disk "sda" neu einlesen<br />
echo 1 > /sys/block/sda/device/rescan<br />
3. Partition vergrössern<br />
growpart /dev/sda 3<br />
4. PV überprüfen<br />
pvs<br />
4a. allenfalls physical volume vergrössern<br />
pvresize /dev/sda3<br />
5. VG überprüfen<br />
vgs<br />
6. LV vergrössern und Filesystem vergrössern<br />
lvresize -rL+50G /dev/mapper/system-docker<br />
lvextend -rl +100%FREE /dev/mapper/vm208-root</nowiki><br />
<br />
== git ==<br />
<code>git submodule update --init</code> Submodule laden<br><br />
<code>git submodule update --init --recursive</code> Submodule laden (rekursiv)<br><br />
<code>git submodule update --remote</code> Submodule laden (remote)<br><br />
<br><br />
<code>git submodule update</code> Submodule aktualisieren<br><br />
<br><br />
Append information after commit:<br><br />
<code>git commit --amend --author "Ueli Hans<hans.ueli@uelihans.ch>"</code><br><br />
<br><br />
Temporarily store current changes and revert to latest pull:<br><br />
<code>git stash</code><br><br />
Go back to stashed changes:<br><br />
<code>git stash pop</code><br />
<br />
== openssl ==<br />
Check CSR:<br><br />
<code>openssl req -in sample.csr -noout -text</code><br><br />
<br><br />
Bash to check private key against certificate (checkssl.sh):<br />
<nowiki>cn=files/reverseproxies/etc/haproxy/certs/www.sexybit.sh<br />
crt="${cn:?Common Name fuer Key und Cert nicht angegebe...}.crt"<br />
key="$cn.key"<br />
<br />
crtmd5=$( openssl x509 -noout -modulus -in "$crt" | openssl md5 ) ; \<br />
keymd5=$( openssl rsa -noout -modulus -in "$key" | openssl md5 ) ; \<br />
\<br />
echo "crt: $crtmd5" ; echo "key: $keymd5" ; printf "Dateien: \"$crt\" & \"$key\" -- " ; \<br />
[ "$crtmd5" = "$keymd5" ] && echo "passen zusammen :)" || echo "passen NICHT zusammen :("</nowiki><br />
<br />
== ansible ==<br />
<code>ansible-playbook -C -D playbooks/all.yml -u $USER -t nginx</code> -C (check, dry run), -D (diff, show differences) -u <remote user> -t <tags><br><br />
Tags let you run only specific tagged tasks in a playbook instead of executing everything. Multiple tags can be comma-separated.<br><br />
Tags can be skipped with <code>--skip-tags <tags></code><br><br />
Tasks tagged 'always' will run no matter what tags are selected.<br><br />
Tasks tagged 'never' only run if explicitly requested with <code>-t never</code><br><br />
<br />
== ln ==<br />
<code>ln -s ../files</code><br />
<br />
== curl ==<br />
<code>curl -vvv</code> verbose verbose verbose<br><br />
<code>curl -v --resolve windy.verywindy.ch:443:192.168.161.1 https://windy.verywindy.ch</code> check connection with hardcoded dns<br><br />
<code>curl -x sexybit.sh https://apod.nasa.gov</code> check connection with proxy<br><br />
<code>curl -L https://apod.nasa.gov</code> follow redirects<br />
<br />
== New Systems ==<br />
Size: 2CPU, 2G RAM, 40G Disk<br><br />
VG Name: system<br><br />
/: 10G<br><br />
Swap: 4G<br><br />
/var-log: 4G<br><br />
<br />
dns: 10.8.3.74 / 10.8.3.174<br><br />
http://mirror.nat.srv.ch/2025/q4/ubuntu<br />
<br />
== IPTables / firewalld ==<br />
<nowiki><?xml version="1.0" encoding="utf-8"?><br />
<direct><br />
<rule ipv="ipv4" table="filter" chain="INPUT" priority="0">-p tcp --dport 22 -m state --state NEW,ESTABLISHED -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="INPUT" priority="1">-p tcp --dport 21022 -m state --state NEW,ESTABLISHED -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="INPUT" priority="5">-p icmp -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="INPUT" priority="8">-p udp --sport 53 -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="0">-p tcp --sport 22 -m state --state ESTABLISHED -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="1">-p tcp --sport 21022 -m state --state ESTABLISHED -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="5">-p icmp -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="6">-p udp --dport 53 -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="8">-p tcp --dport 80 -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="9">-p tcp --dport 443 -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="12">-p udp --dport 123 -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="56">-p tcp --dport 5665 -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="67">-p udp --dport 67:68 -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="69">-m state --state ESTABLISHED,RELATED -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="99">-j DROP</rule><br />
</direct></nowiki><br />
<br />
Show all direct rules (/etc/firewalld/direct.xml):<br><br />
<code>firewall-cmd --get-all-rules --direct</code><br />
<br />
== Clear root Password / disable root login ==<br />
-d --delete: delete user's password<br><br />
-l --lock: lock user's password<br><br />
<code># passwd -dl root</code><br />
<br />
== Start new git project ==<br />
Create blank repo without README.md<br><br />
Run ansible-init script (cs)<br><br />
<br />
== Monitoring ==<br />
icinga-Server verbindet sich zum Agent über Port 5665.<br><br />
Bei Wartungen Downtime erstellen.<br><br />
<br />
== Wartung ==<br />
Snapshots nach 1w löschen.<br />
<br />
== upremote ==<br />
<code>$HOME/scripts/</code><br><br />
<code>$HOME/log/</code><br />
<br />
= Check yo shit front to back =<br />
<br />
== Remount /tmp without noexec flag ==<br />
<code>mount -o remount,exec /tmp</code><br />
<br />
== tmux ==<br />
Move window to other pane:<br><br />
<nowiki>Ctrl + b<br />
:move-pane -t X</nowiki><br />
Move window to new pane:<br><br />
<code>Ctrl + b !</code><br />
<br />
== icinga2 ==<br />
Check available commands in Icinga Director / Commands.<br><br />
<br><br />
After editing monitoring parameters in ansible:<br><br />
<code>ansible-playbook -D playbooks/all.yml -t icinga2_agent:update-host</code><br />
<br />
== pfx/pem conversion ==<br />
# Extract the private key (you will be prompted to enter the PFX file password and to set a password for the private key)<br><br />
<code>openssl pkcs12 -in your_certificate.pfx -nocerts -out private_key.key</code><br><br />
<br><br />
# Extract the CRT certificate (you will be prompted to enter the PFX file password)<br><br />
<code>openssl pkcs12 -in your_certificate.pfx -clcerts -nokeys -out certificate.crt</code><br><br />
<br><br />
# (Optional) Remove the password from the private key (you will be prompted to enter the password set for the private key)<br><br />
<code>openssl rsa -in private_key.key -out private_key_nopass.key</code><br><br />
<br><br />
Encryption of private key can be checked with <code># cat private.key</code> (first line)<br />
<br><br />
Use argument <code>-legacy</code> for deprecated ciphers.<br><br />
<br />
Look at certificate:<br><br />
<code>openssl x509 -text -in /home/local/RootCAIII.crt -noout | grep 'Subject:\|Issuer:'</code><br />
<br />
== SFTP für Endkunden freischalten ==<br />
Find high port on mgmt01: <code>nft list ruleset | grep target_host_ip</code><br><br />
Horizon Security Group Rules (mgmt-ssh-forwarding), allow ingress from client_ip<br><br />
<br />
== openstack cli ==<br />
<code>export OS_CLOUD="name"</code><br />
<br />
== icinga2 host vars ==<br />
<code>host_vars/host_name/icinga2.yml</code>:<br><br />
<nowiki>icinga2_agent__host_vars:<br />
mailq:<br />
mailq_servertype: "sendmail"</nowiki><br />
<br />
== mysql ==<br />
<code>mysql <dbname> < /home/doobiean/anUpdate.sql</code> Apply sql stuffs to <dbname> database<br><br />
<code>mysql -e "SHOW DATABASES" | grep 0109</code> look for databases<br><br />
<br />
== ansible-vault ==<br />
<code>ansible-vault encrypt_string <string></code> encrypt <string><br />
<br />
== splunk ==<br />
<code>grep -i "connected to" /opt/splunkforwarder/var/log/splunk/splunkd.log</code> Check connected servers.<br />
<br />
== openDKIM ==<br />
<code>chmod -R ug+x /etc/opendkim</code> If key-permissions are denied, even though they appear to be correct.<br />
<br />
== n1 ==<br />
<code>dig 6bit.ch +short</code><br><br />
<code>whois $(!!)</code><br />
<br />
== digiz0rt ==<br />
=== Standard ===<br />
DNS TXT Record, SSL Cert Business, Platform: Linux<br><br />
=== Special ===<br />
UCC16: Many SANs<br><br />
Wildcard: Wildcard<br><br />
<br />
== icinga2 nginx ==<br />
<nowiki>vim /usr/lib/nagios/plugins/check_nginx_status.pl<br />
use lib '/usr/lib/nagios/plugins';<br />
<br />
chmod 755 /usr/lib/nagios/plugins/utils.pm<br />
ln -s /usr/lib/nagios/plugins/utils.pm /usr/local/lib/nagios/plugins/utils.pm</nowiki></div>
Xbl
http://wiki.6bit.ch/index.php?title=Very_Windy&diff=353
Very Windy
2026-04-09T15:05:30Z
<p>Xbl: /* icinga2 nginx */</p>
<hr />
<div>= lvm procedure =<br />
<nowiki>Die VM-Disk /dev/sda wurde vergrössert<br />
1. Ist Zustand prüfen<br />
lsblk<br />
2. Disk "sda" neu einlesen<br />
echo 1 > /sys/block/sda/device/rescan<br />
3. Partition vergrössern<br />
growpart /dev/sda 3<br />
4. PV überprüfen<br />
pvs<br />
4a. allenfalls physical volume vergrössern<br />
pvresize /dev/sda3<br />
5. VG überprüfen<br />
vgs<br />
6. LV vergrössern und Filesystem vergrössern<br />
lvresize -rL+50G /dev/mapper/system-docker<br />
lvextend -rl +100%FREE /dev/mapper/vm208-root</nowiki><br />
<br />
== git ==<br />
<code>git submodule update --init</code> Submodule laden<br><br />
<code>git submodule update --init --recursive</code> Submodule laden (rekursiv)<br><br />
<code>git submodule update --remote</code> Submodule laden (remote)<br><br />
<br><br />
<code>git submodule update</code> Submodule aktualisieren<br><br />
<br><br />
Append information after commit:<br><br />
<code>git commit --amend --author "Ueli Hans<hans.ueli@uelihans.ch>"</code><br><br />
<br><br />
Temporarily store current changes and revert to latest pull:<br><br />
<code>git stash</code><br><br />
Go back to stashed changes:<br><br />
<code>git stash pop</code><br />
<br />
== openssl ==<br />
Check CSR:<br><br />
<code>openssl req -in sample.csr -noout -text</code><br><br />
<br><br />
Bash to check private key against certificate (checkssl.sh):<br />
<nowiki>cn=files/reverseproxies/etc/haproxy/certs/www.sexybit.sh<br />
crt="${cn:?Common Name fuer Key und Cert nicht angegebe...}.crt"<br />
key="$cn.key"<br />
<br />
crtmd5=$( openssl x509 -noout -modulus -in "$crt" | openssl md5 ) ; \<br />
keymd5=$( openssl rsa -noout -modulus -in "$key" | openssl md5 ) ; \<br />
\<br />
echo "crt: $crtmd5" ; echo "key: $keymd5" ; printf "Dateien: \"$crt\" & \"$key\" -- " ; \<br />
[ "$crtmd5" = "$keymd5" ] && echo "passen zusammen :)" || echo "passen NICHT zusammen :("</nowiki><br />
<br />
== ansible ==<br />
<code>ansible-playbook -C -D playbooks/all.yml -u $USER -t nginx</code> -C (check, dry run), -D (diff, show differences) -u <remote user> -t <tags><br><br />
Tags let you run only specific tagged tasks in a playbook instead of executing everything. Multiple tags can be comma-separated.<br><br />
Tags can be skipped with <code>--skip-tags <tags></code><br><br />
Tasks tagged 'always' will run no matter what tags are selected.<br><br />
Tasks tagged 'never' only run if explicitly requested with <code>-t never</code><br><br />
<br />
== ln ==<br />
<code>ln -s ../files</code><br />
<br />
== curl ==<br />
<code>curl -vvv</code> verbose verbose verbose<br><br />
<code>curl -v --resolve windy.verywindy.ch:443:192.168.161.1 https://windy.verywindy.ch</code> check connection with hardcoded dns<br><br />
<code>curl -x sexybit.sh https://apod.nasa.gov</code> check connection with proxy<br><br />
<code>curl -L https://apod.nasa.gov</code> follow redirects<br />
<br />
== New Systems ==<br />
Size: 2CPU, 2G RAM, 40G Disk<br><br />
VG Name: system<br><br />
/: 10G<br><br />
Swap: 4G<br><br />
/var-log: 4G<br><br />
<br />
dns: 10.8.3.74 / 10.8.3.174<br><br />
http://mirror.nat.srv.ch/2025/q4/ubuntu<br />
<br />
== IPTables / firewalld ==<br />
<nowiki><?xml version="1.0" encoding="utf-8"?><br />
<direct><br />
<rule ipv="ipv4" table="filter" chain="INPUT" priority="0">-p tcp --dport 22 -m state --state NEW,ESTABLISHED -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="INPUT" priority="1">-p tcp --dport 21022 -m state --state NEW,ESTABLISHED -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="INPUT" priority="5">-p icmp -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="INPUT" priority="8">-p udp --sport 53 -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="0">-p tcp --sport 22 -m state --state ESTABLISHED -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="1">-p tcp --sport 21022 -m state --state ESTABLISHED -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="5">-p icmp -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="6">-p udp --dport 53 -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="8">-p tcp --dport 80 -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="9">-p tcp --dport 443 -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="12">-p udp --dport 123 -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="56">-p tcp --dport 5665 -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="67">-p udp --dport 67:68 -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="69">-m state --state ESTABLISHED,RELATED -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="99">-j DROP</rule><br />
</direct></nowiki><br />
<br />
Show all direct rules (/etc/firewalld/direct.xml):<br><br />
<code>firewall-cmd --get-all-rules --direct</code><br />
<br />
== Clear root Password / disable root login ==<br />
-d --delete: delete user's password<br><br />
-l --lock: lock user's password<br><br />
<code># passwd -dl root</code><br />
<br />
== Start new git project ==<br />
Create blank repo without README.md<br><br />
Run ansible-init script (cs)<br><br />
<br />
== Monitoring ==<br />
icinga-Server verbindet sich zum Agent über Port 5665.<br><br />
Bei Wartungen Downtime erstellen.<br><br />
<br />
== Wartung ==<br />
Snapshots nach 1w löschen.<br />
<br />
== upremote ==<br />
<code>$HOME/scripts/</code><br><br />
<code>$HOME/log/</code><br />
<br />
= Check yo shit front to back =<br />
<br />
== Remount /tmp without noexec flag ==<br />
<code>mount -o remount,exec /tmp</code><br />
<br />
== tmux ==<br />
Move window to other pane:<br><br />
<nowiki>Ctrl + b<br />
:move-pane -t X</nowiki><br />
Move window to new pane:<br><br />
<code>Ctrl + b !</code><br />
<br />
== icinga2 ==<br />
Check available commands in Icinga Director / Commands.<br><br />
<br><br />
After editing monitoring parameters in ansible:<br><br />
<code>ansible-playbook -D playbooks/all.yml -t icinga2_agent:update-host</code><br />
<br />
== pfx/pem conversion ==<br />
# Extract the private key (you will be prompted to enter the PFX file password and to set a password for the private key)<br><br />
<code>openssl pkcs12 -in your_certificate.pfx -nocerts -out private_key.key</code><br><br />
<br><br />
# Extract the CRT certificate (you will be prompted to enter the PFX file password)<br><br />
<code>openssl pkcs12 -in your_certificate.pfx -clcerts -nokeys -out certificate.crt</code><br><br />
<br><br />
# (Optional) Remove the password from the private key (you will be prompted to enter the password set for the private key)<br><br />
<code>openssl rsa -in private_key.key -out private_key_nopass.key</code><br><br />
<br><br />
Encryption of private key can be checked with <code># cat private.key</code> (first line)<br />
<br><br />
Use argument <code>-legacy</code> for deprecated ciphers.<br><br />
<br />
Look at certificate:<br><br />
<code>openssl x509 -text -in /home/local/RootCAIII.crt -noout | grep 'Subject:\|Issuer:'</code><br />
<br />
== SFTP für Endkunden freischalten ==<br />
Find high port on mgmt01: <code>nft list ruleset | grep target_host_ip</code><br><br />
Horizon Security Group Rules (mgmt-ssh-forwarding), allow ingress from client_ip<br><br />
<br />
== openstack cli ==<br />
<code>export OS_CLOUD="name"</code><br />
<br />
== icinga2 host vars ==<br />
<code>host_vars/host_name/icinga2.yml</code>:<br><br />
<nowiki>icinga2_agent__host_vars:<br />
mailq:<br />
mailq_servertype: "sendmail"</nowiki><br />
<br />
== mysql ==<br />
<code>mysql <dbname> < /home/doobiean/anUpdate.sql</code> Apply sql stuffs to <dbname> database<br><br />
<code>mysql -e "SHOW DATABASES" | grep 0109</code> look for databases<br><br />
<br />
== ansible-vault ==<br />
<code>ansible-vault encrypt_string <string></code> encrypt <string><br />
<br />
== splunk ==<br />
<code>grep -i "connected to" /opt/splunkforwarder/var/log/splunk/splunkd.log</code> Check connected servers.<br />
<br />
== openDKIM ==<br />
<code>chmod -R ug+x /etc/opendkim</code> If key-permissions are denied, even though they appear to be correct.<br />
<br />
== n1 ==<br />
<code>dig 6bit.ch +short</code><br><br />
<code>whois $(!!)</code><br />
<br />
== digiz0rt ==<br />
=== Standard ===<br />
DNS TXT Record, SSL Cert Business, Platform: Linux<br><br />
=== Special ===<br />
UCC16: Many SANs<br><br />
Wildcard: Wildcard<br><br />
<br />
== icinga2 nginx ==<br />
<nowiki>vim /usr/lib/nagios/plugins/check_nginx_status.pl<br />
use lib '/usr/lib/nagios/plugins';<br />
chmod 755 /usr/lib/nagios/plugins/utils.pm<br />
ln -s /usr/lib/nagios/plugins/utils.pm /usr/local/lib/nagios/plugins/utils.pm</nowiki></div>
Xbl
http://wiki.6bit.ch/index.php?title=Very_Windy&diff=352
Very Windy
2026-04-09T15:05:18Z
<p>Xbl: </p>
<hr />
<div>= lvm procedure =<br />
<nowiki>Die VM-Disk /dev/sda wurde vergrössert<br />
1. Ist Zustand prüfen<br />
lsblk<br />
2. Disk "sda" neu einlesen<br />
echo 1 > /sys/block/sda/device/rescan<br />
3. Partition vergrössern<br />
growpart /dev/sda 3<br />
4. PV überprüfen<br />
pvs<br />
4a. allenfalls physical volume vergrössern<br />
pvresize /dev/sda3<br />
5. VG überprüfen<br />
vgs<br />
6. LV vergrössern und Filesystem vergrössern<br />
lvresize -rL+50G /dev/mapper/system-docker<br />
lvextend -rl +100%FREE /dev/mapper/vm208-root</nowiki><br />
<br />
== git ==<br />
<code>git submodule update --init</code> Submodule laden<br><br />
<code>git submodule update --init --recursive</code> Submodule laden (rekursiv)<br><br />
<code>git submodule update --remote</code> Submodule laden (remote)<br><br />
<br><br />
<code>git submodule update</code> Submodule aktualisieren<br><br />
<br><br />
Append information after commit:<br><br />
<code>git commit --amend --author "Ueli Hans<hans.ueli@uelihans.ch>"</code><br><br />
<br><br />
Temporarily store current changes and revert to latest pull:<br><br />
<code>git stash</code><br><br />
Go back to stashed changes:<br><br />
<code>git stash pop</code><br />
<br />
== openssl ==<br />
Check CSR:<br><br />
<code>openssl req -in sample.csr -noout -text</code><br><br />
<br><br />
Bash to check private key against certificate (checkssl.sh):<br />
<nowiki>cn=files/reverseproxies/etc/haproxy/certs/www.sexybit.sh<br />
crt="${cn:?Common Name fuer Key und Cert nicht angegebe...}.crt"<br />
key="$cn.key"<br />
<br />
crtmd5=$( openssl x509 -noout -modulus -in "$crt" | openssl md5 ) ; \<br />
keymd5=$( openssl rsa -noout -modulus -in "$key" | openssl md5 ) ; \<br />
\<br />
echo "crt: $crtmd5" ; echo "key: $keymd5" ; printf "Dateien: \"$crt\" & \"$key\" -- " ; \<br />
[ "$crtmd5" = "$keymd5" ] && echo "passen zusammen :)" || echo "passen NICHT zusammen :("</nowiki><br />
<br />
== ansible ==<br />
<code>ansible-playbook -C -D playbooks/all.yml -u $USER -t nginx</code> -C (check, dry run), -D (diff, show differences) -u <remote user> -t <tags><br><br />
Tags let you run only specific tagged tasks in a playbook instead of executing everything. Multiple tags can be comma-separated.<br><br />
Tags can be skipped with <code>--skip-tags <tags></code><br><br />
Tasks tagged 'always' will run no matter what tags are selected.<br><br />
Tasks tagged 'never' only run if explicitly requested with <code>-t never</code><br><br />
<br />
== ln ==<br />
<code>ln -s ../files</code><br />
<br />
== curl ==<br />
<code>curl -vvv</code> verbose verbose verbose<br><br />
<code>curl -v --resolve windy.verywindy.ch:443:192.168.161.1 https://windy.verywindy.ch</code> check connection with hardcoded dns<br><br />
<code>curl -x sexybit.sh https://apod.nasa.gov</code> check connection with proxy<br><br />
<code>curl -L https://apod.nasa.gov</code> follow redirects<br />
<br />
== New Systems ==<br />
Size: 2CPU, 2G RAM, 40G Disk<br><br />
VG Name: system<br><br />
/: 10G<br><br />
Swap: 4G<br><br />
/var-log: 4G<br><br />
<br />
dns: 10.8.3.74 / 10.8.3.174<br><br />
http://mirror.nat.srv.ch/2025/q4/ubuntu<br />
<br />
== IPTables / firewalld ==<br />
<nowiki><?xml version="1.0" encoding="utf-8"?><br />
<direct><br />
<rule ipv="ipv4" table="filter" chain="INPUT" priority="0">-p tcp --dport 22 -m state --state NEW,ESTABLISHED -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="INPUT" priority="1">-p tcp --dport 21022 -m state --state NEW,ESTABLISHED -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="INPUT" priority="5">-p icmp -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="INPUT" priority="8">-p udp --sport 53 -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="0">-p tcp --sport 22 -m state --state ESTABLISHED -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="1">-p tcp --sport 21022 -m state --state ESTABLISHED -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="5">-p icmp -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="6">-p udp --dport 53 -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="8">-p tcp --dport 80 -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="9">-p tcp --dport 443 -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="12">-p udp --dport 123 -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="56">-p tcp --dport 5665 -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="67">-p udp --dport 67:68 -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="69">-m state --state ESTABLISHED,RELATED -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="99">-j DROP</rule><br />
</direct></nowiki><br />
<br />
Show all direct rules (/etc/firewalld/direct.xml):<br><br />
<code>firewall-cmd --get-all-rules --direct</code><br />
<br />
== Clear root Password / disable root login ==<br />
-d --delete: delete user's password<br><br />
-l --lock: lock user's password<br><br />
<code># passwd -dl root</code><br />
<br />
== Start new git project ==<br />
Create blank repo without README.md<br><br />
Run ansible-init script (cs)<br><br />
<br />
== Monitoring ==<br />
icinga-Server verbindet sich zum Agent über Port 5665.<br><br />
Bei Wartungen Downtime erstellen.<br><br />
<br />
== Wartung ==<br />
Snapshots nach 1w löschen.<br />
<br />
== upremote ==<br />
<code>$HOME/scripts/</code><br><br />
<code>$HOME/log/</code><br />
<br />
= Check yo shit front to back =<br />
<br />
== Remount /tmp without noexec flag ==<br />
<code>mount -o remount,exec /tmp</code><br />
<br />
== tmux ==<br />
Move window to other pane:<br><br />
<nowiki>Ctrl + b<br />
:move-pane -t X</nowiki><br />
Move window to new pane:<br><br />
<code>Ctrl + b !</code><br />
<br />
== icinga2 ==<br />
Check available commands in Icinga Director / Commands.<br><br />
<br><br />
After editing monitoring parameters in ansible:<br><br />
<code>ansible-playbook -D playbooks/all.yml -t icinga2_agent:update-host</code><br />
<br />
== pfx/pem conversion ==<br />
# Extract the private key (you will be prompted to enter the PFX file password and to set a password for the private key)<br><br />
<code>openssl pkcs12 -in your_certificate.pfx -nocerts -out private_key.key</code><br><br />
<br><br />
# Extract the CRT certificate (you will be prompted to enter the PFX file password)<br><br />
<code>openssl pkcs12 -in your_certificate.pfx -clcerts -nokeys -out certificate.crt</code><br><br />
<br><br />
# (Optional) Remove the password from the private key (you will be prompted to enter the password set for the private key)<br><br />
<code>openssl rsa -in private_key.key -out private_key_nopass.key</code><br><br />
<br><br />
Encryption of private key can be checked with <code># cat private.key</code> (first line)<br />
<br><br />
Use argument <code>-legacy</code> for deprecated ciphers.<br><br />
<br />
Look at certificate:<br><br />
<code>openssl x509 -text -in /home/local/RootCAIII.crt -noout | grep 'Subject:\|Issuer:'</code><br />
<br />
== SFTP für Endkunden freischalten ==<br />
Find high port on mgmt01: <code>nft list ruleset | grep target_host_ip</code><br><br />
Horizon Security Group Rules (mgmt-ssh-forwarding), allow ingress from client_ip<br><br />
<br />
== openstack cli ==<br />
<code>export OS_CLOUD="name"</code><br />
<br />
== icinga2 host vars ==<br />
<code>host_vars/host_name/icinga2.yml</code>:<br><br />
<nowiki>icinga2_agent__host_vars:<br />
mailq:<br />
mailq_servertype: "sendmail"</nowiki><br />
<br />
== mysql ==<br />
<code>mysql <dbname> < /home/doobiean/anUpdate.sql</code> Apply sql stuffs to <dbname> database<br><br />
<code>mysql -e "SHOW DATABASES" | grep 0109</code> look for databases<br><br />
<br />
== ansible-vault ==<br />
<code>ansible-vault encrypt_string <string></code> encrypt <string><br />
<br />
== splunk ==<br />
<code>grep -i "connected to" /opt/splunkforwarder/var/log/splunk/splunkd.log</code> Check connected servers.<br />
<br />
== openDKIM ==<br />
<code>chmod -R ug+x /etc/opendkim</code> If key-permissions are denied, even though they appear to be correct.<br />
<br />
== n1 ==<br />
<code>dig 6bit.ch +short</code><br><br />
<code>whois $(!!)</code><br />
<br />
== digiz0rt ==<br />
=== Standard ===<br />
DNS TXT Record, SSL Cert Business, Platform: Linux<br><br />
=== Special ===<br />
UCC16: Many SANs<br><br />
Wildcard: Wildcard<br><br />
<br />
== icinga2 nginx ==<br />
<nowiki>vim /usr/lib/nagios/plugins/check_nginx_status.pl<br />
use lib '/usr/lib/nagios/plugins';<br />
chmod 755 /usr/lib/nagios/plugins/utils.pm<br />
ln -s /usr/lib/nagios/plugins/utils.pm /usr/local/lib/nagios/plugins/utils.pm<nowiki></div>
Xbl
http://wiki.6bit.ch/index.php?title=Very_Windy&diff=351
Very Windy
2026-04-07T14:24:39Z
<p>Xbl: </p>
<hr />
<div>= lvm procedure =<br />
<nowiki>Die VM-Disk /dev/sda wurde vergrössert<br />
1. Ist Zustand prüfen<br />
lsblk<br />
2. Disk "sda" neu einlesen<br />
echo 1 > /sys/block/sda/device/rescan<br />
3. Partition vergrössern<br />
growpart /dev/sda 3<br />
4. PV überprüfen<br />
pvs<br />
4a. allenfalls physical volume vergrössern<br />
pvresize /dev/sda3<br />
5. VG überprüfen<br />
vgs<br />
6. LV vergrössern und Filesystem vergrössern<br />
lvresize -rL+50G /dev/mapper/system-docker<br />
lvextend -rl +100%FREE /dev/mapper/vm208-root</nowiki><br />
<br />
== git ==<br />
<code>git submodule update --init</code> Submodule laden<br><br />
<code>git submodule update --init --recursive</code> Submodule laden (rekursiv)<br><br />
<code>git submodule update --remote</code> Submodule laden (remote)<br><br />
<br><br />
<code>git submodule update</code> Submodule aktualisieren<br><br />
<br><br />
Append information after commit:<br><br />
<code>git commit --amend --author "Ueli Hans<hans.ueli@uelihans.ch>"</code><br><br />
<br><br />
Temporarily store current changes and revert to latest pull:<br><br />
<code>git stash</code><br><br />
Go back to stashed changes:<br><br />
<code>git stash pop</code><br />
<br />
== openssl ==<br />
Check CSR:<br><br />
<code>openssl req -in sample.csr -noout -text</code><br><br />
<br><br />
Bash to check private key against certificate (checkssl.sh):<br />
<nowiki>cn=files/reverseproxies/etc/haproxy/certs/www.sexybit.sh<br />
crt="${cn:?Common Name fuer Key und Cert nicht angegebe...}.crt"<br />
key="$cn.key"<br />
<br />
crtmd5=$( openssl x509 -noout -modulus -in "$crt" | openssl md5 ) ; \<br />
keymd5=$( openssl rsa -noout -modulus -in "$key" | openssl md5 ) ; \<br />
\<br />
echo "crt: $crtmd5" ; echo "key: $keymd5" ; printf "Dateien: \"$crt\" & \"$key\" -- " ; \<br />
[ "$crtmd5" = "$keymd5" ] && echo "passen zusammen :)" || echo "passen NICHT zusammen :("</nowiki><br />
<br />
== ansible ==<br />
<code>ansible-playbook -C -D playbooks/all.yml -u $USER -t nginx</code> -C (check, dry run), -D (diff, show differences) -u <remote user> -t <tags><br><br />
Tags let you run only specific tagged tasks in a playbook instead of executing everything. Multiple tags can be comma-separated.<br><br />
Tags can be skipped with <code>--skip-tags <tags></code><br><br />
Tasks tagged 'always' will run no matter what tags are selected.<br><br />
Tasks tagged 'never' only run if explicitly requested with <code>-t never</code><br><br />
<br />
== ln ==<br />
<code>ln -s ../files</code><br />
<br />
== curl ==<br />
<code>curl -vvv</code> verbose verbose verbose<br><br />
<code>curl -v --resolve windy.verywindy.ch:443:192.168.161.1 https://windy.verywindy.ch</code> check connection with hardcoded dns<br><br />
<code>curl -x sexybit.sh https://apod.nasa.gov</code> check connection with proxy<br><br />
<code>curl -L https://apod.nasa.gov</code> follow redirects<br />
<br />
== New Systems ==<br />
Size: 2CPU, 2G RAM, 40G Disk<br><br />
VG Name: system<br><br />
/: 10G<br><br />
Swap: 4G<br><br />
/var-log: 4G<br><br />
<br />
dns: 10.8.3.74 / 10.8.3.174<br><br />
http://mirror.nat.srv.ch/2025/q4/ubuntu<br />
<br />
== IPTables / firewalld ==<br />
<nowiki><?xml version="1.0" encoding="utf-8"?><br />
<direct><br />
<rule ipv="ipv4" table="filter" chain="INPUT" priority="0">-p tcp --dport 22 -m state --state NEW,ESTABLISHED -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="INPUT" priority="1">-p tcp --dport 21022 -m state --state NEW,ESTABLISHED -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="INPUT" priority="5">-p icmp -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="INPUT" priority="8">-p udp --sport 53 -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="0">-p tcp --sport 22 -m state --state ESTABLISHED -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="1">-p tcp --sport 21022 -m state --state ESTABLISHED -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="5">-p icmp -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="6">-p udp --dport 53 -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="8">-p tcp --dport 80 -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="9">-p tcp --dport 443 -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="12">-p udp --dport 123 -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="56">-p tcp --dport 5665 -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="67">-p udp --dport 67:68 -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="69">-m state --state ESTABLISHED,RELATED -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="99">-j DROP</rule><br />
</direct></nowiki><br />
<br />
Show all direct rules (/etc/firewalld/direct.xml):<br><br />
<code>firewall-cmd --get-all-rules --direct</code><br />
<br />
== Clear root Password / disable root login ==<br />
-d --delete: delete user's password<br><br />
-l --lock: lock user's password<br><br />
<code># passwd -dl root</code><br />
<br />
== Start new git project ==<br />
Create blank repo without README.md<br><br />
Run ansible-init script (cs)<br><br />
<br />
== Monitoring ==<br />
icinga-Server verbindet sich zum Agent über Port 5665.<br><br />
Bei Wartungen Downtime erstellen.<br><br />
<br />
== Wartung ==<br />
Snapshots nach 1w löschen.<br />
<br />
== upremote ==<br />
<code>$HOME/scripts/</code><br><br />
<code>$HOME/log/</code><br />
<br />
= Check yo shit front to back =<br />
<br />
== Remount /tmp without noexec flag ==<br />
<code>mount -o remount,exec /tmp</code><br />
<br />
== tmux ==<br />
Move window to other pane:<br><br />
<nowiki>Ctrl + b<br />
:move-pane -t X</nowiki><br />
Move window to new pane:<br><br />
<code>Ctrl + b !</code><br />
<br />
== icinga2 ==<br />
Check available commands in Icinga Director / Commands.<br><br />
<br><br />
After editing monitoring parameters in ansible:<br><br />
<code>ansible-playbook -D playbooks/all.yml -t icinga2_agent:update-host</code><br />
<br />
== pfx/pem conversion ==<br />
# Extract the private key (you will be prompted to enter the PFX file password and to set a password for the private key)<br><br />
<code>openssl pkcs12 -in your_certificate.pfx -nocerts -out private_key.key</code><br><br />
<br><br />
# Extract the CRT certificate (you will be prompted to enter the PFX file password)<br><br />
<code>openssl pkcs12 -in your_certificate.pfx -clcerts -nokeys -out certificate.crt</code><br><br />
<br><br />
# (Optional) Remove the password from the private key (you will be prompted to enter the password set for the private key)<br><br />
<code>openssl rsa -in private_key.key -out private_key_nopass.key</code><br><br />
<br><br />
Encryption of private key can be checked with <code># cat private.key</code> (first line)<br />
<br><br />
Use argument <code>-legacy</code> for deprecated ciphers.<br><br />
<br />
Look at certificate:<br><br />
<code>openssl x509 -text -in /home/local/RootCAIII.crt -noout | grep 'Subject:\|Issuer:'</code><br />
<br />
== SFTP für Endkunden freischalten ==<br />
Find high port on mgmt01: <code>nft list ruleset | grep target_host_ip</code><br><br />
Horizon Security Group Rules (mgmt-ssh-forwarding), allow ingress from client_ip<br><br />
<br />
== openstack cli ==<br />
<code>export OS_CLOUD="name"</code><br />
<br />
== icinga2 host vars ==<br />
<code>host_vars/host_name/icinga2.yml</code>:<br><br />
<nowiki>icinga2_agent__host_vars:<br />
mailq:<br />
mailq_servertype: "sendmail"</nowiki><br />
<br />
== mysql ==<br />
<code>mysql <dbname> < /home/doobiean/anUpdate.sql</code> Apply sql stuffs to <dbname> database<br><br />
<code>mysql -e "SHOW DATABASES" | grep 0109</code> look for databases<br><br />
<br />
== ansible-vault ==<br />
<code>ansible-vault encrypt_string <string></code> encrypt <string><br />
<br />
== splunk ==<br />
<code>grep -i "connected to" /opt/splunkforwarder/var/log/splunk/splunkd.log</code> Check connected servers.<br />
<br />
== openDKIM ==<br />
<code>chmod -R ug+x /etc/opendkim</code> If key-permissions are denied, even though they appear to be correct.<br />
<br />
== n1 ==<br />
<code>dig 6bit.ch +short</code><br><br />
<code>whois $(!!)</code><br />
<br />
== digiz0rt ==<br />
=== Standard ===<br />
DNS TXT Record, SSL Cert Business, Platform: Linux<br><br />
=== Special ===<br />
UCC16: Many SANs<br><br />
Wildcard: Wildcard<br></div>
Xbl
http://wiki.6bit.ch/index.php?title=Configs&diff=350
Configs
2026-04-02T09:33:29Z
<p>Xbl: /* vim */</p>
<hr />
<div>= PS1 =<br />
<nowiki>PS1="\[$(tput bold)\]\[\033[38;5;51m\][\[$(tput sgr0)\]\[\033[38;5;45m\] \[$(tput sgr0)\]\[\033[38;5;249m\]\u \[$(tput sgr0)\]\[$(tput bold)\]\[\033[38;5;201m\]@\[$(tput sgr0)\] \[$(tput sgr0)\]\[\033[38;5;249m\]\h\[$(tput sgr0)\] \[$(tput sgr0)\]\[$(tput bold)\]\[\033[38;5;51m\]]\[$(tput sgr0)\] \[\033[38;5;249m\]\W \[$(tput sgr0)\]\[$(tput bold)\]\[\033[38;5;51m\]>\[$(tput sgr0)\] \[$(tput sgr0)\]\[$(tput bold)\]\[\033[38;5;201m\]\\$\[$(tput sgr0)\]\[\033[38;5;14m\] \[$(tput sgr0)\]"</nowiki><br />
<br />
= tmux.conf =<br />
<nowiki><br />
# Extend history limit<br />
set -g history-limit 42069<br />
<br />
# Don't rename windows automatically<br />
set -g allow-rename off<br />
<br />
# reload config file<br />
bind r source-file ~/.tmux.conf<br />
<br />
# Enable 256 color support<br />
set -g default-terminal "tmux-256color"<br />
set -ga terminal-overrides ",*:RGB"<br />
<br />
# Enable clipboard<br />
set -g set-clipboard on<br />
<br />
# Change keyboard index<br />
set -g base-index 1<br />
set -g pane-base-index 1<br />
set-window-option -g pane-base-index 1<br />
set-option -g renumber-windows on<br />
<br />
# Theme colors<br />
thm_bg="#222436"<br />
thm_fg="#c8d3f5"<br />
thm_black="#1b1d2b"<br />
thm_black4="#444a73"<br />
thm_blue="#82aaff"<br />
thm_cyan="#86e1fc"<br />
thm_gray="#3a3f5a"<br />
thm_green="#00ff69"<br />
#thm_green="#c3e88d"<br />
thm_magenta="#c099ff"<br />
thm_orange="#ff9e64"<br />
thm_pink="#ff757f"<br />
thm_red="#ff757f"<br />
thm_yellow="#ffc777"<br />
<br />
# Status bar settings<br />
set -g status "on"<br />
set -g status-bg "${thm_bg}"<br />
set -g status-justify "left"<br />
set -g status-left-length "100"<br />
set -g status-right-length "100"<br />
# Messages<br />
set -g message-style "fg=${thm_cyan},bg=${thm_gray},align=centre"<br />
set -g message-command-style "fg=${thm_cyan},bg=${thm_gray},align=centre"<br />
<br />
# Panes<br />
set -g pane-border-style "fg=${thm_gray}"<br />
set -g pane-active-border-style "fg=${thm_blue}"<br />
<br />
# Windows<br />
set -g window-status-activity-style "fg=${thm_fg},bg=${thm_bg},none"<br />
set -g window-status-separator " |"<br />
set -g window-status-style "fg=${thm_fg},bg=${thm_bg},none"<br />
<br />
# Statusline - current window<br />
set -g window-status-current-format "#[fg=${thm_blue},bg=${thm_bg}, bold] #[fg=${thm_green},bg=${thm_bg}]#I:#[fg=${thm_cyan},bg=${thm_bg}]#W"<br />
#set -g window-status-current-format "#[fg=${thm_blue},bg=${thm_bg}, bold] #[fg=${thm_green},bg=${thm_bg}]#I:#[fg=${thm_cyan},bg=${thm_bg}]#(echo '#{pane_current_path}' | rev | cut -d'/' -f-2 | rev)#[fg=${thm_magenta},bg=${thm_bg}]"<br />
<br />
# Statusline - other windows<br />
set -g window-status-format "#[fg=${thm_blue},bg=${thm_bg}] #I:#[fg=${thm_fg},bg=${thm_bg}]#W"<br />
<br />
# Statusline - right side<br />
set -g status-right "#[fg=${thm_blue},bg=${thm_bg},nobold,nounderscore,noitalics]#[fg=${thm_bg},bg=${thm_blue},nobold,nounderscore,noitalics] #[fg=${thm_fg},bg=${thm_gray}] #W #{?client_prefix,#[fg=${thm_magenta}],#[fg=${thm_cyan}]}#[bg=${thm_gray}]#{?client_prefix,#[bg=${thm_magenta}],#[bg=${thm_cyan}]}#[fg=${thm_bg}] #[fg=${thm_fg},bg=${thm_gray}]"<br />
<br />
# Statusline - left side (empty)<br />
set -g status-left ""<br />
<br />
# Modes<br />
set -g clock-mode-colour "${thm_blue}"<br />
set -g mode-style "fg=${thm_blue} bg=${thm_black4} bold"<br />
</nowiki><br />
<br />
= vim =<br />
<code>~./vimrc</code><br><br />
<code>colortheme elflord, industry, </code><br></div>
Xbl
http://wiki.6bit.ch/index.php?title=Configs&diff=349
Configs
2026-04-02T09:33:15Z
<p>Xbl: </p>
<hr />
<div>= PS1 =<br />
<nowiki>PS1="\[$(tput bold)\]\[\033[38;5;51m\][\[$(tput sgr0)\]\[\033[38;5;45m\] \[$(tput sgr0)\]\[\033[38;5;249m\]\u \[$(tput sgr0)\]\[$(tput bold)\]\[\033[38;5;201m\]@\[$(tput sgr0)\] \[$(tput sgr0)\]\[\033[38;5;249m\]\h\[$(tput sgr0)\] \[$(tput sgr0)\]\[$(tput bold)\]\[\033[38;5;51m\]]\[$(tput sgr0)\] \[\033[38;5;249m\]\W \[$(tput sgr0)\]\[$(tput bold)\]\[\033[38;5;51m\]>\[$(tput sgr0)\] \[$(tput sgr0)\]\[$(tput bold)\]\[\033[38;5;201m\]\\$\[$(tput sgr0)\]\[\033[38;5;14m\] \[$(tput sgr0)\]"</nowiki><br />
<br />
= tmux.conf =<br />
<nowiki><br />
# Extend history limit<br />
set -g history-limit 42069<br />
<br />
# Don't rename windows automatically<br />
set -g allow-rename off<br />
<br />
# reload config file<br />
bind r source-file ~/.tmux.conf<br />
<br />
# Enable 256 color support<br />
set -g default-terminal "tmux-256color"<br />
set -ga terminal-overrides ",*:RGB"<br />
<br />
# Enable clipboard<br />
set -g set-clipboard on<br />
<br />
# Change keyboard index<br />
set -g base-index 1<br />
set -g pane-base-index 1<br />
set-window-option -g pane-base-index 1<br />
set-option -g renumber-windows on<br />
<br />
# Theme colors<br />
thm_bg="#222436"<br />
thm_fg="#c8d3f5"<br />
thm_black="#1b1d2b"<br />
thm_black4="#444a73"<br />
thm_blue="#82aaff"<br />
thm_cyan="#86e1fc"<br />
thm_gray="#3a3f5a"<br />
thm_green="#00ff69"<br />
#thm_green="#c3e88d"<br />
thm_magenta="#c099ff"<br />
thm_orange="#ff9e64"<br />
thm_pink="#ff757f"<br />
thm_red="#ff757f"<br />
thm_yellow="#ffc777"<br />
<br />
# Status bar settings<br />
set -g status "on"<br />
set -g status-bg "${thm_bg}"<br />
set -g status-justify "left"<br />
set -g status-left-length "100"<br />
set -g status-right-length "100"<br />
# Messages<br />
set -g message-style "fg=${thm_cyan},bg=${thm_gray},align=centre"<br />
set -g message-command-style "fg=${thm_cyan},bg=${thm_gray},align=centre"<br />
<br />
# Panes<br />
set -g pane-border-style "fg=${thm_gray}"<br />
set -g pane-active-border-style "fg=${thm_blue}"<br />
<br />
# Windows<br />
set -g window-status-activity-style "fg=${thm_fg},bg=${thm_bg},none"<br />
set -g window-status-separator " |"<br />
set -g window-status-style "fg=${thm_fg},bg=${thm_bg},none"<br />
<br />
# Statusline - current window<br />
set -g window-status-current-format "#[fg=${thm_blue},bg=${thm_bg}, bold] #[fg=${thm_green},bg=${thm_bg}]#I:#[fg=${thm_cyan},bg=${thm_bg}]#W"<br />
#set -g window-status-current-format "#[fg=${thm_blue},bg=${thm_bg}, bold] #[fg=${thm_green},bg=${thm_bg}]#I:#[fg=${thm_cyan},bg=${thm_bg}]#(echo '#{pane_current_path}' | rev | cut -d'/' -f-2 | rev)#[fg=${thm_magenta},bg=${thm_bg}]"<br />
<br />
# Statusline - other windows<br />
set -g window-status-format "#[fg=${thm_blue},bg=${thm_bg}] #I:#[fg=${thm_fg},bg=${thm_bg}]#W"<br />
<br />
# Statusline - right side<br />
set -g status-right "#[fg=${thm_blue},bg=${thm_bg},nobold,nounderscore,noitalics]#[fg=${thm_bg},bg=${thm_blue},nobold,nounderscore,noitalics] #[fg=${thm_fg},bg=${thm_gray}] #W #{?client_prefix,#[fg=${thm_magenta}],#[fg=${thm_cyan}]}#[bg=${thm_gray}]#{?client_prefix,#[bg=${thm_magenta}],#[bg=${thm_cyan}]}#[fg=${thm_bg}] #[fg=${thm_fg},bg=${thm_gray}]"<br />
<br />
# Statusline - left side (empty)<br />
set -g status-left ""<br />
<br />
# Modes<br />
set -g clock-mode-colour "${thm_blue}"<br />
set -g mode-style "fg=${thm_blue} bg=${thm_black4} bold"<br />
</nowiki><br />
<br />
= vim =<br />
<code>~./vimrc</code><br />
<code>colortheme elflord, industry, </code></div>
Xbl
http://wiki.6bit.ch/index.php?title=Very_Windy&diff=348
Very Windy
2026-03-18T16:05:43Z
<p>Xbl: </p>
<hr />
<div>= lvm procedure =<br />
<nowiki>Die VM-Disk /dev/sda wurde vergrössert<br />
1. Ist Zustand prüfen<br />
lsblk<br />
2. Disk "sda" neu einlesen<br />
echo 1 > /sys/block/sda/device/rescan<br />
3. Partition vergrössern<br />
growpart /dev/sda 3<br />
4. PV überprüfen<br />
pvs<br />
4a. allenfalls physical volume vergrössern<br />
pvresize /dev/sda3<br />
5. VG überprüfen<br />
vgs<br />
6. LV vergrössern und Filesystem vergrössern<br />
lvresize -rL+50G /dev/mapper/system-docker<br />
lvextend -rl +100%FREE /dev/mapper/vm208-root</nowiki><br />
<br />
== git ==<br />
<code>git submodule update --init</code> Submodule laden<br><br />
<code>git submodule update --init --recursive</code> Submodule laden (rekursiv)<br><br />
<code>git submodule update --remote</code> Submodule laden (remote)<br><br />
<br><br />
<code>git submodule update</code> Submodule aktualisieren<br><br />
<br><br />
Append information after commit:<br><br />
<code>git commit --amend --author "Ueli Hans<hans.ueli@uelihans.ch>"</code><br><br />
<br><br />
Temporarily store current changes and revert to latest pull:<br><br />
<code>git stash</code><br><br />
Go back to stashed changes:<br><br />
<code>git stash pop</code><br />
<br />
== openssl ==<br />
Check CSR:<br><br />
<code>openssl req -in sample.csr -noout -text</code><br><br />
<br><br />
Bash to check private key against certificate (checkssl.sh):<br />
<nowiki>cn=files/reverseproxies/etc/haproxy/certs/www.sexybit.sh<br />
crt="${cn:?Common Name fuer Key und Cert nicht angegebe...}.crt"<br />
key="$cn.key"<br />
<br />
crtmd5=$( openssl x509 -noout -modulus -in "$crt" | openssl md5 ) ; \<br />
keymd5=$( openssl rsa -noout -modulus -in "$key" | openssl md5 ) ; \<br />
\<br />
echo "crt: $crtmd5" ; echo "key: $keymd5" ; printf "Dateien: \"$crt\" & \"$key\" -- " ; \<br />
[ "$crtmd5" = "$keymd5" ] && echo "passen zusammen :)" || echo "passen NICHT zusammen :("</nowiki><br />
<br />
== ansible ==<br />
<code>ansible-playbook -C -D playbooks/all.yml -u $USER -t nginx</code> -C (check, dry run), -D (diff, show differences) -u <remote user> -t <tags><br><br />
Tags let you run only specific tagged tasks in a playbook instead of executing everything. Multiple tags can be comma-separated.<br><br />
Tags can be skipped with <code>--skip-tags <tags></code><br><br />
Tasks tagged 'always' will run no matter what tags are selected.<br><br />
Tasks tagged 'never' only run if explicitly requested with <code>-t never</code><br><br />
<br />
== ln ==<br />
<code>ln -s ../files</code><br />
<br />
== curl ==<br />
<code>curl -vvv</code> verbose verbose verbose<br><br />
<code>curl -v --resolve windy.verywindy.ch:443:192.168.161.1 https://windy.verywindy.ch</code> check connection with hardcoded dns<br><br />
<code>curl -x sexybit.sh https://apod.nasa.gov</code> check connection with proxy<br><br />
<code>curl -L https://apod.nasa.gov</code> follow redirects<br />
<br />
== New Systems ==<br />
Size: 2CPU, 2G RAM, 40G Disk<br><br />
VG Name: system<br><br />
/: 10G<br><br />
Swap: 4G<br><br />
/var-log: 4G<br><br />
<br />
dns: 10.8.3.74 / 10.8.3.174<br><br />
http://mirror.nat.srv.ch/2025/q4/ubuntu<br />
<br />
== IPTables / firewalld ==<br />
<nowiki><?xml version="1.0" encoding="utf-8"?><br />
<direct><br />
<rule ipv="ipv4" table="filter" chain="INPUT" priority="0">-p tcp --dport 22 -m state --state NEW,ESTABLISHED -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="INPUT" priority="1">-p tcp --dport 21022 -m state --state NEW,ESTABLISHED -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="INPUT" priority="5">-p icmp -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="INPUT" priority="8">-p udp --sport 53 -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="0">-p tcp --sport 22 -m state --state ESTABLISHED -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="1">-p tcp --sport 21022 -m state --state ESTABLISHED -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="5">-p icmp -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="6">-p udp --dport 53 -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="8">-p tcp --dport 80 -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="9">-p tcp --dport 443 -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="12">-p udp --dport 123 -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="56">-p tcp --dport 5665 -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="67">-p udp --dport 67:68 -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="69">-m state --state ESTABLISHED,RELATED -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="99">-j DROP</rule><br />
</direct></nowiki><br />
<br />
Show all direct rules (/etc/firewalld/direct.xml):<br><br />
<code>firewall-cmd --get-all-rules --direct</code><br />
<br />
== Clear root Password / disable root login ==<br />
-d --delete: delete user's password<br><br />
-l --lock: lock user's password<br><br />
<code># passwd -dl root</code><br />
<br />
== Start new git project ==<br />
Create blank repo without README.md<br><br />
Run ansible-init script (cs)<br><br />
<br />
== Monitoring ==<br />
icinga-Server verbindet sich zum Agent über Port 5665.<br><br />
Bei Wartungen Downtime erstellen.<br><br />
<br />
== Wartung ==<br />
Snapshots nach 1w löschen.<br />
<br />
== upremote ==<br />
<code>$HOME/scripts/</code><br><br />
<code>$HOME/log/</code><br />
<br />
= Check yo shit front to back =<br />
<br />
== Remount /tmp without noexec flag ==<br />
<code>mount -o remount,exec /tmp</code><br />
<br />
== tmux ==<br />
Move window to other pane:<br><br />
<nowiki>Ctrl + b<br />
:move-pane -t X</nowiki><br />
Move window to new pane:<br><br />
<code>Ctrl + b !</code><br />
<br />
== icinga2 ==<br />
Check available commands in Icinga Director / Commands.<br><br />
<br><br />
After editing monitoring parameters in ansible:<br><br />
<code>ansible-playbook -D playbooks/all.yml -t icinga2_agent:update-host</code><br />
<br />
== pfx/pem conversion ==<br />
# Extract the private key (you will be prompted to enter the PFX file password and to set a password for the private key)<br><br />
<code>openssl pkcs12 -in your_certificate.pfx -nocerts -out private_key.key</code><br><br />
<br><br />
# Extract the CRT certificate (you will be prompted to enter the PFX file password)<br><br />
<code>openssl pkcs12 -in your_certificate.pfx -clcerts -nokeys -out certificate.crt</code><br><br />
<br><br />
# (Optional) Remove the password from the private key (you will be prompted to enter the password set for the private key)<br><br />
<code>openssl rsa -in private_key.key -out private_key_nopass.key</code><br><br />
<br><br />
Encryption of private key can be checked with <code># cat private.key</code> (first line)<br />
<br><br />
Use argument <code>-legacy</code> for deprecated ciphers.<br><br />
<br />
Look at certificate:<br><br />
<code>openssl x509 -text -in /home/local/RootCAIII.crt -noout | grep 'Subject:\|Issuer:'</code><br />
<br />
== SFTP für Endkunden freischalten ==<br />
Find high port on mgmt01: <code>nft list ruleset | grep target_host_ip</code><br><br />
Horizon Security Group Rules (mgmt-ssh-forwarding), allow ingress from client_ip<br><br />
<br />
== openstack cli ==<br />
<code>export OS_CLOUD="name"</code><br />
<br />
== icinga2 host vars ==<br />
<code>host_vars/host_name/icinga2.yml</code>:<br><br />
<nowiki>icinga2_agent__host_vars:<br />
mailq:<br />
mailq_servertype: "sendmail"</nowiki><br />
<br />
== mysql ==<br />
<code>mysql <dbname> < /home/doobiean/anUpdate.sql</code> Apply sql stuffs to <dbname> database<br><br />
<code>mysql -e "SHOW DATABASES" | grep 0109</code> look for databases<br><br />
<br />
== ansible-vault ==<br />
<code>ansible-vault encrypt_string <string></code> encrypt <string><br />
<br />
== splunk ==<br />
<code>grep -i "connected to" /opt/splunkforwarder/var/log/splunk/splunkd.log</code> Check connected servers.<br />
<br />
== openDKIM ==<br />
<code>chmod -R ug+x /etc/opendkim</code> If key-permissions are denied, even though they appear to be correct.<br />
<br />
== n1 ==<br />
<code>dig 6bit.ch +short</code><br><br />
<code>whois $(!!)</code></div>
Xbl
http://wiki.6bit.ch/index.php?title=Very_Windy&diff=347
Very Windy
2026-03-18T09:49:36Z
<p>Xbl: /* New Systems */</p>
<hr />
<div>= lvm procedure =<br />
<nowiki>Die VM-Disk /dev/sda wurde vergrössert<br />
1. Ist Zustand prüfen<br />
lsblk<br />
2. Disk "sda" neu einlesen<br />
echo 1 > /sys/block/sda/device/rescan<br />
3. Partition vergrössern<br />
growpart /dev/sda 3<br />
4. PV überprüfen<br />
pvs<br />
4a. allenfalls physical volume vergrössern<br />
pvresize /dev/sda3<br />
5. VG überprüfen<br />
vgs<br />
6. LV vergrössern und Filesystem vergrössern<br />
lvresize -rL+50G /dev/mapper/system-docker<br />
lvextend -rl +100%FREE /dev/mapper/vm208-root</nowiki><br />
<br />
== git ==<br />
<code>git submodule update --init</code> Submodule laden<br><br />
<code>git submodule update --init --recursive</code> Submodule laden (rekursiv)<br><br />
<code>git submodule update --remote</code> Submodule laden (remote)<br><br />
<br><br />
<code>git submodule update</code> Submodule aktualisieren<br><br />
<br><br />
Append information after commit:<br><br />
<code>git commit --amend --author "Ueli Hans<hans.ueli@uelihans.ch>"</code><br><br />
<br><br />
Temporarily store current changes and revert to latest pull:<br><br />
<code>git stash</code><br><br />
Go back to stashed changes:<br><br />
<code>git stash pop</code><br />
<br />
== openssl ==<br />
Check CSR:<br><br />
<code>openssl req -in sample.csr -noout -text</code><br><br />
<br><br />
Bash to check private key against certificate (checkssl.sh):<br />
<nowiki>cn=files/reverseproxies/etc/haproxy/certs/www.sexybit.sh<br />
crt="${cn:?Common Name fuer Key und Cert nicht angegebe...}.crt"<br />
key="$cn.key"<br />
<br />
crtmd5=$( openssl x509 -noout -modulus -in "$crt" | openssl md5 ) ; \<br />
keymd5=$( openssl rsa -noout -modulus -in "$key" | openssl md5 ) ; \<br />
\<br />
echo "crt: $crtmd5" ; echo "key: $keymd5" ; printf "Dateien: \"$crt\" & \"$key\" -- " ; \<br />
[ "$crtmd5" = "$keymd5" ] && echo "passen zusammen :)" || echo "passen NICHT zusammen :("</nowiki><br />
<br />
== ansible ==<br />
<code>ansible-playbook -C -D playbooks/all.yml -u $USER -t nginx</code> -C (check, dry run), -D (diff, show differences) -u <remote user> -t <tags><br><br />
Tags let you run only specific tagged tasks in a playbook instead of executing everything. Multiple tags can be comma-separated.<br><br />
Tags can be skipped with <code>--skip-tags <tags></code><br><br />
Tasks tagged 'always' will run no matter what tags are selected.<br><br />
Tasks tagged 'never' only run if explicitly requested with <code>-t never</code><br><br />
<br />
== ln ==<br />
<code>ln -s ../files</code><br />
<br />
== curl ==<br />
<code>curl -vvv</code> verbose verbose verbose<br><br />
<code>curl -v --resolve windy.verywindy.ch:443:192.168.161.1 https://windy.verywindy.ch</code> check connection with hardcoded dns<br><br />
<code>curl -x sexybit.sh https://apod.nasa.gov</code> check connection with proxy<br><br />
<code>curl -L https://apod.nasa.gov</code> follow redirects<br />
<br />
== New Systems ==<br />
Size: 2CPU, 2G RAM, 40G Disk<br><br />
VG Name: system<br><br />
/: 10G<br><br />
Swap: 4G<br><br />
/var-log: 4G<br><br />
<br />
dns: 10.8.3.74 / 10.8.3.174<br><br />
http://mirror.nat.srv.ch/2025/q4/ubuntu<br />
<br />
== IPTables / firewalld ==<br />
<nowiki><?xml version="1.0" encoding="utf-8"?><br />
<direct><br />
<rule ipv="ipv4" table="filter" chain="INPUT" priority="0">-p tcp --dport 22 -m state --state NEW,ESTABLISHED -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="INPUT" priority="1">-p tcp --dport 21022 -m state --state NEW,ESTABLISHED -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="INPUT" priority="5">-p icmp -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="INPUT" priority="8">-p udp --sport 53 -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="0">-p tcp --sport 22 -m state --state ESTABLISHED -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="1">-p tcp --sport 21022 -m state --state ESTABLISHED -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="5">-p icmp -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="6">-p udp --dport 53 -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="8">-p tcp --dport 80 -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="9">-p tcp --dport 443 -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="12">-p udp --dport 123 -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="56">-p tcp --dport 5665 -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="67">-p udp --dport 67:68 -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="69">-m state --state ESTABLISHED,RELATED -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="99">-j DROP</rule><br />
</direct></nowiki><br />
<br />
Show all direct rules (/etc/firewalld/direct.xml):<br><br />
<code>firewall-cmd --get-all-rules --direct</code><br />
<br />
== Clear root Password / disable root login ==<br />
-d --delete: delete user's password<br><br />
-l --lock: lock user's password<br><br />
<code># passwd -dl root</code><br />
<br />
== Start new git project ==<br />
Create blank repo without README.md<br><br />
Run ansible-init script (cs)<br><br />
<br />
== Monitoring ==<br />
icinga-Server verbindet sich zum Agent über Port 5665.<br><br />
Bei Wartungen Downtime erstellen.<br><br />
<br />
== Wartung ==<br />
Snapshots nach 1w löschen.<br />
<br />
== upremote ==<br />
<code>$HOME/scripts/</code><br><br />
<code>$HOME/log/</code><br />
<br />
= Check yo shit front to back =<br />
<br />
== Remount /tmp without noexec flag ==<br />
<code>mount -o remount,exec /tmp</code><br />
<br />
== tmux ==<br />
Move window to other pane:<br><br />
<nowiki>Ctrl + b<br />
:move-pane -t X</nowiki><br />
Move window to new pane:<br><br />
<code>Ctrl + b !</code><br />
<br />
== icinga2 ==<br />
Check available commands in Icinga Director / Commands.<br><br />
<br><br />
After editing monitoring parameters in ansible:<br><br />
<code>ansible-playbook -D playbooks/all.yml -t icinga2_agent:update-host</code><br />
<br />
== pfx/pem conversion ==<br />
# Extract the private key (you will be prompted to enter the PFX file password and to set a password for the private key)<br><br />
<code>openssl pkcs12 -in your_certificate.pfx -nocerts -out private_key.key</code><br><br />
<br><br />
# Extract the CRT certificate (you will be prompted to enter the PFX file password)<br><br />
<code>openssl pkcs12 -in your_certificate.pfx -clcerts -nokeys -out certificate.crt</code><br><br />
<br><br />
# (Optional) Remove the password from the private key (you will be prompted to enter the password set for the private key)<br><br />
<code>openssl rsa -in private_key.key -out private_key_nopass.key</code><br><br />
<br><br />
Encryption of private key can be checked with <code># cat private.key</code> (first line)<br />
<br><br />
Use argument <code>-legacy</code> for deprecated ciphers.<br><br />
<br />
== SFTP für Endkunden freischalten ==<br />
Find high port on mgmt01: <code>nft list ruleset | grep target_host_ip</code><br><br />
Horizon Security Group Rules (mgmt-ssh-forwarding), allow ingress from client_ip<br><br />
<br />
== openstack cli ==<br />
<code>export OS_CLOUD="name"</code><br />
<br />
== icinga2 host vars ==<br />
<code>host_vars/host_name/icinga2.yml</code>:<br><br />
<nowiki>icinga2_agent__host_vars:<br />
mailq:<br />
mailq_servertype: "sendmail"</nowiki><br />
<br />
== mysql ==<br />
<code>mysql <dbname> < /home/doobiean/anUpdate.sql</code> Apply sql stuffs to <dbname> database<br><br />
<code>mysql -e "SHOW DATABASES" | grep 0109</code> look for databases<br><br />
<br />
== ansible-vault ==<br />
<code>ansible-vault encrypt_string <string></code> encrypt <string><br />
<br />
== splunk ==<br />
<code>grep -i "connected to" /opt/splunkforwarder/var/log/splunk/splunkd.log</code> Check connected servers.<br />
<br />
== openDKIM ==<br />
<code>chmod -R ug+x /etc/opendkim</code> If key-permissions are denied, even though they appear to be correct.<br />
<br />
== n1 ==<br />
<code>dig 6bit.ch +short</code><br><br />
<code>whois $(!!)</code></div>
Xbl
http://wiki.6bit.ch/index.php?title=Configs&diff=346
Configs
2026-03-17T22:43:06Z
<p>Xbl: /* PS1 */</p>
<hr />
<div>= PS1 =<br />
<nowiki>PS1="\[$(tput bold)\]\[\033[38;5;51m\][\[$(tput sgr0)\]\[\033[38;5;45m\] \[$(tput sgr0)\]\[\033[38;5;249m\]\u \[$(tput sgr0)\]\[$(tput bold)\]\[\033[38;5;201m\]@\[$(tput sgr0)\] \[$(tput sgr0)\]\[\033[38;5;249m\]\h\[$(tput sgr0)\] \[$(tput sgr0)\]\[$(tput bold)\]\[\033[38;5;51m\]]\[$(tput sgr0)\] \[\033[38;5;249m\]\W \[$(tput sgr0)\]\[$(tput bold)\]\[\033[38;5;51m\]>\[$(tput sgr0)\] \[$(tput sgr0)\]\[$(tput bold)\]\[\033[38;5;201m\]\\$\[$(tput sgr0)\]\[\033[38;5;14m\] \[$(tput sgr0)\]"</nowiki><br />
<br />
= tmux.conf =<br />
<nowiki><br />
# Extend history limit<br />
set -g history-limit 42069<br />
<br />
# Don't rename windows automatically<br />
set -g allow-rename off<br />
<br />
# reload config file<br />
bind r source-file ~/.tmux.conf<br />
<br />
# Enable 256 color support<br />
set -g default-terminal "tmux-256color"<br />
set -ga terminal-overrides ",*:RGB"<br />
<br />
# Enable clipboard<br />
set -g set-clipboard on<br />
<br />
# Change keyboard index<br />
set -g base-index 1<br />
set -g pane-base-index 1<br />
set-window-option -g pane-base-index 1<br />
set-option -g renumber-windows on<br />
<br />
# Theme colors<br />
thm_bg="#222436"<br />
thm_fg="#c8d3f5"<br />
thm_black="#1b1d2b"<br />
thm_black4="#444a73"<br />
thm_blue="#82aaff"<br />
thm_cyan="#86e1fc"<br />
thm_gray="#3a3f5a"<br />
thm_green="#00ff69"<br />
#thm_green="#c3e88d"<br />
thm_magenta="#c099ff"<br />
thm_orange="#ff9e64"<br />
thm_pink="#ff757f"<br />
thm_red="#ff757f"<br />
thm_yellow="#ffc777"<br />
<br />
# Status bar settings<br />
set -g status "on"<br />
set -g status-bg "${thm_bg}"<br />
set -g status-justify "left"<br />
set -g status-left-length "100"<br />
set -g status-right-length "100"<br />
# Messages<br />
set -g message-style "fg=${thm_cyan},bg=${thm_gray},align=centre"<br />
set -g message-command-style "fg=${thm_cyan},bg=${thm_gray},align=centre"<br />
<br />
# Panes<br />
set -g pane-border-style "fg=${thm_gray}"<br />
set -g pane-active-border-style "fg=${thm_blue}"<br />
<br />
# Windows<br />
set -g window-status-activity-style "fg=${thm_fg},bg=${thm_bg},none"<br />
set -g window-status-separator " |"<br />
set -g window-status-style "fg=${thm_fg},bg=${thm_bg},none"<br />
<br />
# Statusline - current window<br />
set -g window-status-current-format "#[fg=${thm_blue},bg=${thm_bg}, bold] #[fg=${thm_green},bg=${thm_bg}]#I:#[fg=${thm_cyan},bg=${thm_bg}]#W"<br />
#set -g window-status-current-format "#[fg=${thm_blue},bg=${thm_bg}, bold] #[fg=${thm_green},bg=${thm_bg}]#I:#[fg=${thm_cyan},bg=${thm_bg}]#(echo '#{pane_current_path}' | rev | cut -d'/' -f-2 | rev)#[fg=${thm_magenta},bg=${thm_bg}]"<br />
<br />
# Statusline - other windows<br />
set -g window-status-format "#[fg=${thm_blue},bg=${thm_bg}] #I:#[fg=${thm_fg},bg=${thm_bg}]#W"<br />
<br />
# Statusline - right side<br />
set -g status-right "#[fg=${thm_blue},bg=${thm_bg},nobold,nounderscore,noitalics]#[fg=${thm_bg},bg=${thm_blue},nobold,nounderscore,noitalics] #[fg=${thm_fg},bg=${thm_gray}] #W #{?client_prefix,#[fg=${thm_magenta}],#[fg=${thm_cyan}]}#[bg=${thm_gray}]#{?client_prefix,#[bg=${thm_magenta}],#[bg=${thm_cyan}]}#[fg=${thm_bg}] #[fg=${thm_fg},bg=${thm_gray}]"<br />
<br />
# Statusline - left side (empty)<br />
set -g status-left ""<br />
<br />
# Modes<br />
set -g clock-mode-colour "${thm_blue}"<br />
set -g mode-style "fg=${thm_blue} bg=${thm_black4} bold"<br />
</nowiki></div>
Xbl
http://wiki.6bit.ch/index.php?title=Configs&diff=345
Configs
2026-03-17T22:39:28Z
<p>Xbl: /* PS1 */</p>
<hr />
<div>= PS1 =<br />
<nowiki>PS1="\[$(tput bold)\]\[\033[38;5;51m\][\[$(tput sgr0)\]\[\033[38;5;45m\] \[$(tput sgr0)\]\[\033[38;5;249m\]\u \[$(tput sgr0)\]\[$(tput bold)\]\[\033[38;5;201m\]@\[$(tput sgr0)\] \[$(tput sgr0)\]\[\033[38;5;249m\]\h\[$(tput sgr0)\] \[$(tput sgr0)\]\[$(tput bold)\]\[\033[38;5;51m\]_\[$(tput sgr0)\] \[\033[38;5;249m\]\W \[$(tput sgr0)\]\[$(tput bold)\]\[\033[38;5;51m\]]\[$(tput sgr0)\] \[$(tput sgr0)\]\[$(tput bold)\]\[\033[38;5;201m\]\\$\[$(tput sgr0)\]\[\033[38;5;14m\] \[$(tput sgr0)\]"</nowiki><br />
<br />
= tmux.conf =<br />
<nowiki><br />
# Extend history limit<br />
set -g history-limit 42069<br />
<br />
# Don't rename windows automatically<br />
set -g allow-rename off<br />
<br />
# reload config file<br />
bind r source-file ~/.tmux.conf<br />
<br />
# Enable 256 color support<br />
set -g default-terminal "tmux-256color"<br />
set -ga terminal-overrides ",*:RGB"<br />
<br />
# Enable clipboard<br />
set -g set-clipboard on<br />
<br />
# Change keyboard index<br />
set -g base-index 1<br />
set -g pane-base-index 1<br />
set-window-option -g pane-base-index 1<br />
set-option -g renumber-windows on<br />
<br />
# Theme colors<br />
thm_bg="#222436"<br />
thm_fg="#c8d3f5"<br />
thm_black="#1b1d2b"<br />
thm_black4="#444a73"<br />
thm_blue="#82aaff"<br />
thm_cyan="#86e1fc"<br />
thm_gray="#3a3f5a"<br />
thm_green="#00ff69"<br />
#thm_green="#c3e88d"<br />
thm_magenta="#c099ff"<br />
thm_orange="#ff9e64"<br />
thm_pink="#ff757f"<br />
thm_red="#ff757f"<br />
thm_yellow="#ffc777"<br />
<br />
# Status bar settings<br />
set -g status "on"<br />
set -g status-bg "${thm_bg}"<br />
set -g status-justify "left"<br />
set -g status-left-length "100"<br />
set -g status-right-length "100"<br />
# Messages<br />
set -g message-style "fg=${thm_cyan},bg=${thm_gray},align=centre"<br />
set -g message-command-style "fg=${thm_cyan},bg=${thm_gray},align=centre"<br />
<br />
# Panes<br />
set -g pane-border-style "fg=${thm_gray}"<br />
set -g pane-active-border-style "fg=${thm_blue}"<br />
<br />
# Windows<br />
set -g window-status-activity-style "fg=${thm_fg},bg=${thm_bg},none"<br />
set -g window-status-separator " |"<br />
set -g window-status-style "fg=${thm_fg},bg=${thm_bg},none"<br />
<br />
# Statusline - current window<br />
set -g window-status-current-format "#[fg=${thm_blue},bg=${thm_bg}, bold] #[fg=${thm_green},bg=${thm_bg}]#I:#[fg=${thm_cyan},bg=${thm_bg}]#W"<br />
#set -g window-status-current-format "#[fg=${thm_blue},bg=${thm_bg}, bold] #[fg=${thm_green},bg=${thm_bg}]#I:#[fg=${thm_cyan},bg=${thm_bg}]#(echo '#{pane_current_path}' | rev | cut -d'/' -f-2 | rev)#[fg=${thm_magenta},bg=${thm_bg}]"<br />
<br />
# Statusline - other windows<br />
set -g window-status-format "#[fg=${thm_blue},bg=${thm_bg}] #I:#[fg=${thm_fg},bg=${thm_bg}]#W"<br />
<br />
# Statusline - right side<br />
set -g status-right "#[fg=${thm_blue},bg=${thm_bg},nobold,nounderscore,noitalics]#[fg=${thm_bg},bg=${thm_blue},nobold,nounderscore,noitalics] #[fg=${thm_fg},bg=${thm_gray}] #W #{?client_prefix,#[fg=${thm_magenta}],#[fg=${thm_cyan}]}#[bg=${thm_gray}]#{?client_prefix,#[bg=${thm_magenta}],#[bg=${thm_cyan}]}#[fg=${thm_bg}] #[fg=${thm_fg},bg=${thm_gray}]"<br />
<br />
# Statusline - left side (empty)<br />
set -g status-left ""<br />
<br />
# Modes<br />
set -g clock-mode-colour "${thm_blue}"<br />
set -g mode-style "fg=${thm_blue} bg=${thm_black4} bold"<br />
</nowiki></div>
Xbl
http://wiki.6bit.ch/index.php?title=Configs&diff=344
Configs
2026-03-17T22:39:08Z
<p>Xbl: </p>
<hr />
<div>= PS1 =<br />
<code>PS1="\[$(tput bold)\]\[\033[38;5;51m\][\[$(tput sgr0)\]\[\033[38;5;45m\] \[$(tput sgr0)\]\[\033[38;5;249m\]\u \[$(tput sgr0)\]\[$(tput bold)\]\[\033[38;5;201m\]@\[$(tput sgr0)\] \[$(tput sgr0)\]\[\033[38;5;249m\]\h\[$(tput sgr0)\] \[$(tput sgr0)\]\[$(tput bold)\]\[\033[38;5;51m\]_\[$(tput sgr0)\] \[\033[38;5;249m\]\W \[$(tput sgr0)\]\[$(tput bold)\]\[\033[38;5;51m\]]\[$(tput sgr0)\] \[$(tput sgr0)\]\[$(tput bold)\]\[\033[38;5;201m\]\\$\[$(tput sgr0)\]\[\033[38;5;14m\] \[$(tput sgr0)\]"</code><br />
<br />
= tmux.conf =<br />
<nowiki><br />
# Extend history limit<br />
set -g history-limit 42069<br />
<br />
# Don't rename windows automatically<br />
set -g allow-rename off<br />
<br />
# reload config file<br />
bind r source-file ~/.tmux.conf<br />
<br />
# Enable 256 color support<br />
set -g default-terminal "tmux-256color"<br />
set -ga terminal-overrides ",*:RGB"<br />
<br />
# Enable clipboard<br />
set -g set-clipboard on<br />
<br />
# Change keyboard index<br />
set -g base-index 1<br />
set -g pane-base-index 1<br />
set-window-option -g pane-base-index 1<br />
set-option -g renumber-windows on<br />
<br />
# Theme colors<br />
thm_bg="#222436"<br />
thm_fg="#c8d3f5"<br />
thm_black="#1b1d2b"<br />
thm_black4="#444a73"<br />
thm_blue="#82aaff"<br />
thm_cyan="#86e1fc"<br />
thm_gray="#3a3f5a"<br />
thm_green="#00ff69"<br />
#thm_green="#c3e88d"<br />
thm_magenta="#c099ff"<br />
thm_orange="#ff9e64"<br />
thm_pink="#ff757f"<br />
thm_red="#ff757f"<br />
thm_yellow="#ffc777"<br />
<br />
# Status bar settings<br />
set -g status "on"<br />
set -g status-bg "${thm_bg}"<br />
set -g status-justify "left"<br />
set -g status-left-length "100"<br />
set -g status-right-length "100"<br />
# Messages<br />
set -g message-style "fg=${thm_cyan},bg=${thm_gray},align=centre"<br />
set -g message-command-style "fg=${thm_cyan},bg=${thm_gray},align=centre"<br />
<br />
# Panes<br />
set -g pane-border-style "fg=${thm_gray}"<br />
set -g pane-active-border-style "fg=${thm_blue}"<br />
<br />
# Windows<br />
set -g window-status-activity-style "fg=${thm_fg},bg=${thm_bg},none"<br />
set -g window-status-separator " |"<br />
set -g window-status-style "fg=${thm_fg},bg=${thm_bg},none"<br />
<br />
# Statusline - current window<br />
set -g window-status-current-format "#[fg=${thm_blue},bg=${thm_bg}, bold] #[fg=${thm_green},bg=${thm_bg}]#I:#[fg=${thm_cyan},bg=${thm_bg}]#W"<br />
#set -g window-status-current-format "#[fg=${thm_blue},bg=${thm_bg}, bold] #[fg=${thm_green},bg=${thm_bg}]#I:#[fg=${thm_cyan},bg=${thm_bg}]#(echo '#{pane_current_path}' | rev | cut -d'/' -f-2 | rev)#[fg=${thm_magenta},bg=${thm_bg}]"<br />
<br />
# Statusline - other windows<br />
set -g window-status-format "#[fg=${thm_blue},bg=${thm_bg}] #I:#[fg=${thm_fg},bg=${thm_bg}]#W"<br />
<br />
# Statusline - right side<br />
set -g status-right "#[fg=${thm_blue},bg=${thm_bg},nobold,nounderscore,noitalics]#[fg=${thm_bg},bg=${thm_blue},nobold,nounderscore,noitalics] #[fg=${thm_fg},bg=${thm_gray}] #W #{?client_prefix,#[fg=${thm_magenta}],#[fg=${thm_cyan}]}#[bg=${thm_gray}]#{?client_prefix,#[bg=${thm_magenta}],#[bg=${thm_cyan}]}#[fg=${thm_bg}] #[fg=${thm_fg},bg=${thm_gray}]"<br />
<br />
# Statusline - left side (empty)<br />
set -g status-left ""<br />
<br />
# Modes<br />
set -g clock-mode-colour "${thm_blue}"<br />
set -g mode-style "fg=${thm_blue} bg=${thm_black4} bold"<br />
</nowiki></div>
Xbl
http://wiki.6bit.ch/index.php?title=Very_Windy&diff=343
Very Windy
2026-03-17T16:41:37Z
<p>Xbl: /* n1 */</p>
<hr />
<div>= lvm procedure =<br />
<nowiki>Die VM-Disk /dev/sda wurde vergrössert<br />
1. Ist Zustand prüfen<br />
lsblk<br />
2. Disk "sda" neu einlesen<br />
echo 1 > /sys/block/sda/device/rescan<br />
3. Partition vergrössern<br />
growpart /dev/sda 3<br />
4. PV überprüfen<br />
pvs<br />
4a. allenfalls physical volume vergrössern<br />
pvresize /dev/sda3<br />
5. VG überprüfen<br />
vgs<br />
6. LV vergrössern und Filesystem vergrössern<br />
lvresize -rL+50G /dev/mapper/system-docker<br />
lvextend -rl +100%FREE /dev/mapper/vm208-root</nowiki><br />
<br />
== git ==<br />
<code>git submodule update --init</code> Submodule laden<br><br />
<code>git submodule update --init --recursive</code> Submodule laden (rekursiv)<br><br />
<code>git submodule update --remote</code> Submodule laden (remote)<br><br />
<br><br />
<code>git submodule update</code> Submodule aktualisieren<br><br />
<br><br />
Append information after commit:<br><br />
<code>git commit --amend --author "Ueli Hans<hans.ueli@uelihans.ch>"</code><br><br />
<br><br />
Temporarily store current changes and revert to latest pull:<br><br />
<code>git stash</code><br><br />
Go back to stashed changes:<br><br />
<code>git stash pop</code><br />
<br />
== openssl ==<br />
Check CSR:<br><br />
<code>openssl req -in sample.csr -noout -text</code><br><br />
<br><br />
Bash to check private key against certificate (checkssl.sh):<br />
<nowiki>cn=files/reverseproxies/etc/haproxy/certs/www.sexybit.sh<br />
crt="${cn:?Common Name fuer Key und Cert nicht angegebe...}.crt"<br />
key="$cn.key"<br />
<br />
crtmd5=$( openssl x509 -noout -modulus -in "$crt" | openssl md5 ) ; \<br />
keymd5=$( openssl rsa -noout -modulus -in "$key" | openssl md5 ) ; \<br />
\<br />
echo "crt: $crtmd5" ; echo "key: $keymd5" ; printf "Dateien: \"$crt\" & \"$key\" -- " ; \<br />
[ "$crtmd5" = "$keymd5" ] && echo "passen zusammen :)" || echo "passen NICHT zusammen :("</nowiki><br />
<br />
== ansible ==<br />
<code>ansible-playbook -C -D playbooks/all.yml -u $USER -t nginx</code> -C (check, dry run), -D (diff, show differences) -u <remote user> -t <tags><br><br />
Tags let you run only specific tagged tasks in a playbook instead of executing everything. Multiple tags can be comma-separated.<br><br />
Tags can be skipped with <code>--skip-tags <tags></code><br><br />
Tasks tagged 'always' will run no matter what tags are selected.<br><br />
Tasks tagged 'never' only run if explicitly requested with <code>-t never</code><br><br />
<br />
== ln ==<br />
<code>ln -s ../files</code><br />
<br />
== curl ==<br />
<code>curl -vvv</code> verbose verbose verbose<br><br />
<code>curl -v --resolve windy.verywindy.ch:443:192.168.161.1 https://windy.verywindy.ch</code> check connection with hardcoded dns<br><br />
<code>curl -x sexybit.sh https://apod.nasa.gov</code> check connection with proxy<br><br />
<code>curl -L https://apod.nasa.gov</code> follow redirects<br />
<br />
== New Systems ==<br />
Size: 2CPU, 2G RAM, 40G Disk<br><br />
VG Name: system<br><br />
/: 10G<br><br />
Swap: 4G<br><br />
/var-log: 4G<br><br />
<br />
== IPTables / firewalld ==<br />
<nowiki><?xml version="1.0" encoding="utf-8"?><br />
<direct><br />
<rule ipv="ipv4" table="filter" chain="INPUT" priority="0">-p tcp --dport 22 -m state --state NEW,ESTABLISHED -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="INPUT" priority="1">-p tcp --dport 21022 -m state --state NEW,ESTABLISHED -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="INPUT" priority="5">-p icmp -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="INPUT" priority="8">-p udp --sport 53 -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="0">-p tcp --sport 22 -m state --state ESTABLISHED -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="1">-p tcp --sport 21022 -m state --state ESTABLISHED -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="5">-p icmp -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="6">-p udp --dport 53 -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="8">-p tcp --dport 80 -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="9">-p tcp --dport 443 -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="12">-p udp --dport 123 -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="56">-p tcp --dport 5665 -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="67">-p udp --dport 67:68 -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="69">-m state --state ESTABLISHED,RELATED -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="99">-j DROP</rule><br />
</direct></nowiki><br />
<br />
Show all direct rules (/etc/firewalld/direct.xml):<br><br />
<code>firewall-cmd --get-all-rules --direct</code><br />
<br />
== Clear root Password / disable root login ==<br />
-d --delete: delete user's password<br><br />
-l --lock: lock user's password<br><br />
<code># passwd -dl root</code><br />
<br />
== Start new git project ==<br />
Create blank repo without README.md<br><br />
Run ansible-init script (cs)<br><br />
<br />
== Monitoring ==<br />
icinga-Server verbindet sich zum Agent über Port 5665.<br><br />
Bei Wartungen Downtime erstellen.<br><br />
<br />
== Wartung ==<br />
Snapshots nach 1w löschen.<br />
<br />
== upremote ==<br />
<code>$HOME/scripts/</code><br><br />
<code>$HOME/log/</code><br />
<br />
= Check yo shit front to back =<br />
<br />
== Remount /tmp without noexec flag ==<br />
<code>mount -o remount,exec /tmp</code><br />
<br />
== tmux ==<br />
Move window to other pane:<br><br />
<nowiki>Ctrl + b<br />
:move-pane -t X</nowiki><br />
Move window to new pane:<br><br />
<code>Ctrl + b !</code><br />
<br />
== icinga2 ==<br />
Check available commands in Icinga Director / Commands.<br><br />
<br><br />
After editing monitoring parameters in ansible:<br><br />
<code>ansible-playbook -D playbooks/all.yml -t icinga2_agent:update-host</code><br />
<br />
== pfx/pem conversion ==<br />
# Extract the private key (you will be prompted to enter the PFX file password and to set a password for the private key)<br><br />
<code>openssl pkcs12 -in your_certificate.pfx -nocerts -out private_key.key</code><br><br />
<br><br />
# Extract the CRT certificate (you will be prompted to enter the PFX file password)<br><br />
<code>openssl pkcs12 -in your_certificate.pfx -clcerts -nokeys -out certificate.crt</code><br><br />
<br><br />
# (Optional) Remove the password from the private key (you will be prompted to enter the password set for the private key)<br><br />
<code>openssl rsa -in private_key.key -out private_key_nopass.key</code><br><br />
<br><br />
Encryption of private key can be checked with <code># cat private.key</code> (first line)<br />
<br><br />
Use argument <code>-legacy</code> for deprecated ciphers.<br><br />
<br />
== SFTP für Endkunden freischalten ==<br />
Find high port on mgmt01: <code>nft list ruleset | grep target_host_ip</code><br><br />
Horizon Security Group Rules (mgmt-ssh-forwarding), allow ingress from client_ip<br><br />
<br />
== openstack cli ==<br />
<code>export OS_CLOUD="name"</code><br />
<br />
== icinga2 host vars ==<br />
<code>host_vars/host_name/icinga2.yml</code>:<br><br />
<nowiki>icinga2_agent__host_vars:<br />
mailq:<br />
mailq_servertype: "sendmail"</nowiki><br />
<br />
== mysql ==<br />
<code>mysql <dbname> < /home/doobiean/anUpdate.sql</code> Apply sql stuffs to <dbname> database<br><br />
<code>mysql -e "SHOW DATABASES" | grep 0109</code> look for databases<br><br />
<br />
== ansible-vault ==<br />
<code>ansible-vault encrypt_string <string></code> encrypt <string><br />
<br />
== splunk ==<br />
<code>grep -i "connected to" /opt/splunkforwarder/var/log/splunk/splunkd.log</code> Check connected servers.<br />
<br />
== openDKIM ==<br />
<code>chmod -R ug+x /etc/opendkim</code> If key-permissions are denied, even though they appear to be correct.<br />
<br />
== n1 ==<br />
<code>dig 6bit.ch +short</code><br><br />
<code>whois $(!!)</code></div>
Xbl
http://wiki.6bit.ch/index.php?title=Very_Windy&diff=342
Very Windy
2026-03-17T16:41:24Z
<p>Xbl: </p>
<hr />
<div>= lvm procedure =<br />
<nowiki>Die VM-Disk /dev/sda wurde vergrössert<br />
1. Ist Zustand prüfen<br />
lsblk<br />
2. Disk "sda" neu einlesen<br />
echo 1 > /sys/block/sda/device/rescan<br />
3. Partition vergrössern<br />
growpart /dev/sda 3<br />
4. PV überprüfen<br />
pvs<br />
4a. allenfalls physical volume vergrössern<br />
pvresize /dev/sda3<br />
5. VG überprüfen<br />
vgs<br />
6. LV vergrössern und Filesystem vergrössern<br />
lvresize -rL+50G /dev/mapper/system-docker<br />
lvextend -rl +100%FREE /dev/mapper/vm208-root</nowiki><br />
<br />
== git ==<br />
<code>git submodule update --init</code> Submodule laden<br><br />
<code>git submodule update --init --recursive</code> Submodule laden (rekursiv)<br><br />
<code>git submodule update --remote</code> Submodule laden (remote)<br><br />
<br><br />
<code>git submodule update</code> Submodule aktualisieren<br><br />
<br><br />
Append information after commit:<br><br />
<code>git commit --amend --author "Ueli Hans<hans.ueli@uelihans.ch>"</code><br><br />
<br><br />
Temporarily store current changes and revert to latest pull:<br><br />
<code>git stash</code><br><br />
Go back to stashed changes:<br><br />
<code>git stash pop</code><br />
<br />
== openssl ==<br />
Check CSR:<br><br />
<code>openssl req -in sample.csr -noout -text</code><br><br />
<br><br />
Bash to check private key against certificate (checkssl.sh):<br />
<nowiki>cn=files/reverseproxies/etc/haproxy/certs/www.sexybit.sh<br />
crt="${cn:?Common Name fuer Key und Cert nicht angegebe...}.crt"<br />
key="$cn.key"<br />
<br />
crtmd5=$( openssl x509 -noout -modulus -in "$crt" | openssl md5 ) ; \<br />
keymd5=$( openssl rsa -noout -modulus -in "$key" | openssl md5 ) ; \<br />
\<br />
echo "crt: $crtmd5" ; echo "key: $keymd5" ; printf "Dateien: \"$crt\" & \"$key\" -- " ; \<br />
[ "$crtmd5" = "$keymd5" ] && echo "passen zusammen :)" || echo "passen NICHT zusammen :("</nowiki><br />
<br />
== ansible ==<br />
<code>ansible-playbook -C -D playbooks/all.yml -u $USER -t nginx</code> -C (check, dry run), -D (diff, show differences) -u <remote user> -t <tags><br><br />
Tags let you run only specific tagged tasks in a playbook instead of executing everything. Multiple tags can be comma-separated.<br><br />
Tags can be skipped with <code>--skip-tags <tags></code><br><br />
Tasks tagged 'always' will run no matter what tags are selected.<br><br />
Tasks tagged 'never' only run if explicitly requested with <code>-t never</code><br><br />
<br />
== ln ==<br />
<code>ln -s ../files</code><br />
<br />
== curl ==<br />
<code>curl -vvv</code> verbose verbose verbose<br><br />
<code>curl -v --resolve windy.verywindy.ch:443:192.168.161.1 https://windy.verywindy.ch</code> check connection with hardcoded dns<br><br />
<code>curl -x sexybit.sh https://apod.nasa.gov</code> check connection with proxy<br><br />
<code>curl -L https://apod.nasa.gov</code> follow redirects<br />
<br />
== New Systems ==<br />
Size: 2CPU, 2G RAM, 40G Disk<br><br />
VG Name: system<br><br />
/: 10G<br><br />
Swap: 4G<br><br />
/var-log: 4G<br><br />
<br />
== IPTables / firewalld ==<br />
<nowiki><?xml version="1.0" encoding="utf-8"?><br />
<direct><br />
<rule ipv="ipv4" table="filter" chain="INPUT" priority="0">-p tcp --dport 22 -m state --state NEW,ESTABLISHED -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="INPUT" priority="1">-p tcp --dport 21022 -m state --state NEW,ESTABLISHED -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="INPUT" priority="5">-p icmp -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="INPUT" priority="8">-p udp --sport 53 -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="0">-p tcp --sport 22 -m state --state ESTABLISHED -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="1">-p tcp --sport 21022 -m state --state ESTABLISHED -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="5">-p icmp -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="6">-p udp --dport 53 -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="8">-p tcp --dport 80 -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="9">-p tcp --dport 443 -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="12">-p udp --dport 123 -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="56">-p tcp --dport 5665 -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="67">-p udp --dport 67:68 -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="69">-m state --state ESTABLISHED,RELATED -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="99">-j DROP</rule><br />
</direct></nowiki><br />
<br />
Show all direct rules (/etc/firewalld/direct.xml):<br><br />
<code>firewall-cmd --get-all-rules --direct</code><br />
<br />
== Clear root Password / disable root login ==<br />
-d --delete: delete user's password<br><br />
-l --lock: lock user's password<br><br />
<code># passwd -dl root</code><br />
<br />
== Start new git project ==<br />
Create blank repo without README.md<br><br />
Run ansible-init script (cs)<br><br />
<br />
== Monitoring ==<br />
icinga-Server verbindet sich zum Agent über Port 5665.<br><br />
Bei Wartungen Downtime erstellen.<br><br />
<br />
== Wartung ==<br />
Snapshots nach 1w löschen.<br />
<br />
== upremote ==<br />
<code>$HOME/scripts/</code><br><br />
<code>$HOME/log/</code><br />
<br />
= Check yo shit front to back =<br />
<br />
== Remount /tmp without noexec flag ==<br />
<code>mount -o remount,exec /tmp</code><br />
<br />
== tmux ==<br />
Move window to other pane:<br><br />
<nowiki>Ctrl + b<br />
:move-pane -t X</nowiki><br />
Move window to new pane:<br><br />
<code>Ctrl + b !</code><br />
<br />
== icinga2 ==<br />
Check available commands in Icinga Director / Commands.<br><br />
<br><br />
After editing monitoring parameters in ansible:<br><br />
<code>ansible-playbook -D playbooks/all.yml -t icinga2_agent:update-host</code><br />
<br />
== pfx/pem conversion ==<br />
# Extract the private key (you will be prompted to enter the PFX file password and to set a password for the private key)<br><br />
<code>openssl pkcs12 -in your_certificate.pfx -nocerts -out private_key.key</code><br><br />
<br><br />
# Extract the CRT certificate (you will be prompted to enter the PFX file password)<br><br />
<code>openssl pkcs12 -in your_certificate.pfx -clcerts -nokeys -out certificate.crt</code><br><br />
<br><br />
# (Optional) Remove the password from the private key (you will be prompted to enter the password set for the private key)<br><br />
<code>openssl rsa -in private_key.key -out private_key_nopass.key</code><br><br />
<br><br />
Encryption of private key can be checked with <code># cat private.key</code> (first line)<br />
<br><br />
Use argument <code>-legacy</code> for deprecated ciphers.<br><br />
<br />
== SFTP für Endkunden freischalten ==<br />
Find high port on mgmt01: <code>nft list ruleset | grep target_host_ip</code><br><br />
Horizon Security Group Rules (mgmt-ssh-forwarding), allow ingress from client_ip<br><br />
<br />
== openstack cli ==<br />
<code>export OS_CLOUD="name"</code><br />
<br />
== icinga2 host vars ==<br />
<code>host_vars/host_name/icinga2.yml</code>:<br><br />
<nowiki>icinga2_agent__host_vars:<br />
mailq:<br />
mailq_servertype: "sendmail"</nowiki><br />
<br />
== mysql ==<br />
<code>mysql <dbname> < /home/doobiean/anUpdate.sql</code> Apply sql stuffs to <dbname> database<br><br />
<code>mysql -e "SHOW DATABASES" | grep 0109</code> look for databases<br><br />
<br />
== ansible-vault ==<br />
<code>ansible-vault encrypt_string <string></code> encrypt <string><br />
<br />
== splunk ==<br />
<code>grep -i "connected to" /opt/splunkforwarder/var/log/splunk/splunkd.log</code> Check connected servers.<br />
<br />
== openDKIM ==<br />
<code>chmod -R ug+x /etc/opendkim</code> If key-permissions are denied, even though they appear to be correct.<br />
<br />
== n1 ==<br />
<code>dig 6bit.ch +short</code><br />
<code>whois $(!!)</code></div>
Xbl
http://wiki.6bit.ch/index.php?title=Very_Windy&diff=341
Very Windy
2026-03-16T15:53:27Z
<p>Xbl: </p>
<hr />
<div>= lvm procedure =<br />
<nowiki>Die VM-Disk /dev/sda wurde vergrössert<br />
1. Ist Zustand prüfen<br />
lsblk<br />
2. Disk "sda" neu einlesen<br />
echo 1 > /sys/block/sda/device/rescan<br />
3. Partition vergrössern<br />
growpart /dev/sda 3<br />
4. PV überprüfen<br />
pvs<br />
4a. allenfalls physical volume vergrössern<br />
pvresize /dev/sda3<br />
5. VG überprüfen<br />
vgs<br />
6. LV vergrössern und Filesystem vergrössern<br />
lvresize -rL+50G /dev/mapper/system-docker<br />
lvextend -rl +100%FREE /dev/mapper/vm208-root</nowiki><br />
<br />
== git ==<br />
<code>git submodule update --init</code> Submodule laden<br><br />
<code>git submodule update --init --recursive</code> Submodule laden (rekursiv)<br><br />
<code>git submodule update --remote</code> Submodule laden (remote)<br><br />
<br><br />
<code>git submodule update</code> Submodule aktualisieren<br><br />
<br><br />
Append information after commit:<br><br />
<code>git commit --amend --author "Ueli Hans<hans.ueli@uelihans.ch>"</code><br><br />
<br><br />
Temporarily store current changes and revert to latest pull:<br><br />
<code>git stash</code><br><br />
Go back to stashed changes:<br><br />
<code>git stash pop</code><br />
<br />
== openssl ==<br />
Check CSR:<br><br />
<code>openssl req -in sample.csr -noout -text</code><br><br />
<br><br />
Bash to check private key against certificate (checkssl.sh):<br />
<nowiki>cn=files/reverseproxies/etc/haproxy/certs/www.sexybit.sh<br />
crt="${cn:?Common Name fuer Key und Cert nicht angegebe...}.crt"<br />
key="$cn.key"<br />
<br />
crtmd5=$( openssl x509 -noout -modulus -in "$crt" | openssl md5 ) ; \<br />
keymd5=$( openssl rsa -noout -modulus -in "$key" | openssl md5 ) ; \<br />
\<br />
echo "crt: $crtmd5" ; echo "key: $keymd5" ; printf "Dateien: \"$crt\" & \"$key\" -- " ; \<br />
[ "$crtmd5" = "$keymd5" ] && echo "passen zusammen :)" || echo "passen NICHT zusammen :("</nowiki><br />
<br />
== ansible ==<br />
<code>ansible-playbook -C -D playbooks/all.yml -u $USER -t nginx</code> -C (check, dry run), -D (diff, show differences) -u <remote user> -t <tags><br><br />
Tags let you run only specific tagged tasks in a playbook instead of executing everything. Multiple tags can be comma-separated.<br><br />
Tags can be skipped with <code>--skip-tags <tags></code><br><br />
Tasks tagged 'always' will run no matter what tags are selected.<br><br />
Tasks tagged 'never' only run if explicitly requested with <code>-t never</code><br><br />
<br />
== ln ==<br />
<code>ln -s ../files</code><br />
<br />
== curl ==<br />
<code>curl -vvv</code> verbose verbose verbose<br><br />
<code>curl -v --resolve windy.verywindy.ch:443:192.168.161.1 https://windy.verywindy.ch</code> check connection with hardcoded dns<br><br />
<code>curl -x sexybit.sh https://apod.nasa.gov</code> check connection with proxy<br><br />
<code>curl -L https://apod.nasa.gov</code> follow redirects<br />
<br />
== New Systems ==<br />
Size: 2CPU, 2G RAM, 40G Disk<br><br />
VG Name: system<br><br />
/: 10G<br><br />
Swap: 4G<br><br />
/var-log: 4G<br><br />
<br />
== IPTables / firewalld ==<br />
<nowiki><?xml version="1.0" encoding="utf-8"?><br />
<direct><br />
<rule ipv="ipv4" table="filter" chain="INPUT" priority="0">-p tcp --dport 22 -m state --state NEW,ESTABLISHED -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="INPUT" priority="1">-p tcp --dport 21022 -m state --state NEW,ESTABLISHED -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="INPUT" priority="5">-p icmp -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="INPUT" priority="8">-p udp --sport 53 -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="0">-p tcp --sport 22 -m state --state ESTABLISHED -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="1">-p tcp --sport 21022 -m state --state ESTABLISHED -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="5">-p icmp -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="6">-p udp --dport 53 -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="8">-p tcp --dport 80 -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="9">-p tcp --dport 443 -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="12">-p udp --dport 123 -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="56">-p tcp --dport 5665 -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="67">-p udp --dport 67:68 -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="69">-m state --state ESTABLISHED,RELATED -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="99">-j DROP</rule><br />
</direct></nowiki><br />
<br />
Show all direct rules (/etc/firewalld/direct.xml):<br><br />
<code>firewall-cmd --get-all-rules --direct</code><br />
<br />
== Clear root Password / disable root login ==<br />
-d --delete: delete user's password<br><br />
-l --lock: lock user's password<br><br />
<code># passwd -dl root</code><br />
<br />
== Start new git project ==<br />
Create blank repo without README.md<br><br />
Run ansible-init script (cs)<br><br />
<br />
== Monitoring ==<br />
icinga-Server verbindet sich zum Agent über Port 5665.<br><br />
Bei Wartungen Downtime erstellen.<br><br />
<br />
== Wartung ==<br />
Snapshots nach 1w löschen.<br />
<br />
== upremote ==<br />
<code>$HOME/scripts/</code><br><br />
<code>$HOME/log/</code><br />
<br />
= Check yo shit front to back =<br />
<br />
== Remount /tmp without noexec flag ==<br />
<code>mount -o remount,exec /tmp</code><br />
<br />
== tmux ==<br />
Move window to other pane:<br><br />
<nowiki>Ctrl + b<br />
:move-pane -t X</nowiki><br />
Move window to new pane:<br><br />
<code>Ctrl + b !</code><br />
<br />
== icinga2 ==<br />
Check available commands in Icinga Director / Commands.<br><br />
<br><br />
After editing monitoring parameters in ansible:<br><br />
<code>ansible-playbook -D playbooks/all.yml -t icinga2_agent:update-host</code><br />
<br />
== pfx/pem conversion ==<br />
# Extract the private key (you will be prompted to enter the PFX file password and to set a password for the private key)<br><br />
<code>openssl pkcs12 -in your_certificate.pfx -nocerts -out private_key.key</code><br><br />
<br><br />
# Extract the CRT certificate (you will be prompted to enter the PFX file password)<br><br />
<code>openssl pkcs12 -in your_certificate.pfx -clcerts -nokeys -out certificate.crt</code><br><br />
<br><br />
# (Optional) Remove the password from the private key (you will be prompted to enter the password set for the private key)<br><br />
<code>openssl rsa -in private_key.key -out private_key_nopass.key</code><br><br />
<br><br />
Encryption of private key can be checked with <code># cat private.key</code> (first line)<br />
<br><br />
Use argument <code>-legacy</code> for deprecated ciphers.<br><br />
<br />
== SFTP für Endkunden freischalten ==<br />
Find high port on mgmt01: <code>nft list ruleset | grep target_host_ip</code><br><br />
Horizon Security Group Rules (mgmt-ssh-forwarding), allow ingress from client_ip<br><br />
<br />
== openstack cli ==<br />
<code>export OS_CLOUD="name"</code><br />
<br />
== icinga2 host vars ==<br />
<code>host_vars/host_name/icinga2.yml</code>:<br><br />
<nowiki>icinga2_agent__host_vars:<br />
mailq:<br />
mailq_servertype: "sendmail"</nowiki><br />
<br />
== mysql ==<br />
<code>mysql <dbname> < /home/doobiean/anUpdate.sql</code> Apply sql stuffs to <dbname> database<br><br />
<code>mysql -e "SHOW DATABASES" | grep 0109</code> look for databases<br><br />
<br />
== ansible-vault ==<br />
<code>ansible-vault encrypt_string <string></code> encrypt <string><br />
<br />
== splunk ==<br />
<code>grep -i "connected to" /opt/splunkforwarder/var/log/splunk/splunkd.log</code> Check connected servers.<br />
<br />
== openDKIM ==<br />
<code>chmod -R ug+x /etc/opendkim</code> If key-permissions are denied, even though they appear to be correct.</div>
Xbl
http://wiki.6bit.ch/index.php?title=Very_Windy&diff=340
Very Windy
2026-03-12T11:56:53Z
<p>Xbl: </p>
<hr />
<div>= lvm procedure =<br />
<nowiki>Die VM-Disk /dev/sda wurde vergrössert<br />
1. Ist Zustand prüfen<br />
lsblk<br />
2. Disk "sda" neu einlesen<br />
echo 1 > /sys/block/sda/device/rescan<br />
3. Partition vergrössern<br />
growpart /dev/sda 3<br />
4. PV überprüfen<br />
pvs<br />
4a. allenfalls physical volume vergrössern<br />
pvresize /dev/sda3<br />
5. VG überprüfen<br />
vgs<br />
6. LV vergrössern und Filesystem vergrössern<br />
lvresize -rL+50G /dev/mapper/system-docker<br />
lvextend -rl +100%FREE /dev/mapper/vm208-root</nowiki><br />
<br />
== git ==<br />
<code>git submodule update --init</code> Submodule laden<br><br />
<code>git submodule update --init --recursive</code> Submodule laden (rekursiv)<br><br />
<code>git submodule update --remote</code> Submodule laden (remote)<br><br />
<br><br />
<code>git submodule update</code> Submodule aktualisieren<br><br />
<br><br />
Append information after commit:<br><br />
<code>git commit --amend --author "Ueli Hans<hans.ueli@uelihans.ch>"</code><br><br />
<br><br />
Temporarily store current changes and revert to latest pull:<br><br />
<code>git stash</code><br><br />
Go back to stashed changes:<br><br />
<code>git stash pop</code><br />
<br />
== openssl ==<br />
Check CSR:<br><br />
<code>openssl req -in sample.csr -noout -text</code><br><br />
<br><br />
Bash to check private key against certificate (checkssl.sh):<br />
<nowiki>cn=files/reverseproxies/etc/haproxy/certs/www.sexybit.sh<br />
crt="${cn:?Common Name fuer Key und Cert nicht angegebe...}.crt"<br />
key="$cn.key"<br />
<br />
crtmd5=$( openssl x509 -noout -modulus -in "$crt" | openssl md5 ) ; \<br />
keymd5=$( openssl rsa -noout -modulus -in "$key" | openssl md5 ) ; \<br />
\<br />
echo "crt: $crtmd5" ; echo "key: $keymd5" ; printf "Dateien: \"$crt\" & \"$key\" -- " ; \<br />
[ "$crtmd5" = "$keymd5" ] && echo "passen zusammen :)" || echo "passen NICHT zusammen :("</nowiki><br />
<br />
== ansible ==<br />
<code>ansible-playbook -C -D playbooks/all.yml -u $USER -t nginx</code> -C (check, dry run), -D (diff, show differences) -u <remote user> -t <tags><br><br />
Tags let you run only specific tagged tasks in a playbook instead of executing everything. Multiple tags can be comma-separated.<br><br />
Tags can be skipped with <code>--skip-tags <tags></code><br><br />
Tasks tagged 'always' will run no matter what tags are selected.<br><br />
Tasks tagged 'never' only run if explicitly requested with <code>-t never</code><br><br />
<br />
== ln ==<br />
<code>ln -s ../files</code><br />
<br />
== curl ==<br />
<code>curl -vvv</code> verbose verbose verbose<br><br />
<code>curl -v --resolve windy.verywindy.ch:443:192.168.161.1 https://windy.verywindy.ch</code> check connection with hardcoded dns<br><br />
<code>curl -x sexybit.sh https://apod.nasa.gov</code> check connection with proxy<br><br />
<code>curl -L https://apod.nasa.gov</code> follow redirects<br />
<br />
== New Systems ==<br />
Size: 2CPU, 2G RAM, 40G Disk<br><br />
VG Name: system<br><br />
/: 10G<br><br />
Swap: 4G<br><br />
/var-log: 4G<br><br />
<br />
== IPTables / firewalld ==<br />
<nowiki><?xml version="1.0" encoding="utf-8"?><br />
<direct><br />
<rule ipv="ipv4" table="filter" chain="INPUT" priority="0">-p tcp --dport 22 -m state --state NEW,ESTABLISHED -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="INPUT" priority="1">-p tcp --dport 21022 -m state --state NEW,ESTABLISHED -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="INPUT" priority="5">-p icmp -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="INPUT" priority="8">-p udp --sport 53 -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="0">-p tcp --sport 22 -m state --state ESTABLISHED -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="1">-p tcp --sport 21022 -m state --state ESTABLISHED -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="5">-p icmp -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="6">-p udp --dport 53 -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="8">-p tcp --dport 80 -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="9">-p tcp --dport 443 -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="12">-p udp --dport 123 -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="56">-p tcp --dport 5665 -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="67">-p udp --dport 67:68 -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="69">-m state --state ESTABLISHED,RELATED -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="99">-j DROP</rule><br />
</direct></nowiki><br />
<br />
Show all direct rules (/etc/firewalld/direct.xml):<br><br />
<code>firewall-cmd --get-all-rules --direct</code><br />
<br />
== Clear root Password / disable root login ==<br />
-d --delete: delete user's password<br><br />
-l --lock: lock user's password<br><br />
<code># passwd -dl root</code><br />
<br />
== Start new git project ==<br />
Create blank repo without README.md<br><br />
Run ansible-init script (cs)<br><br />
<br />
== Monitoring ==<br />
icinga-Server verbindet sich zum Agent über Port 5665.<br><br />
Bei Wartungen Downtime erstellen.<br><br />
<br />
== Wartung ==<br />
Snapshots nach 1w löschen.<br />
<br />
== upremote ==<br />
<code>$HOME/scripts/</code><br><br />
<code>$HOME/log/</code><br />
<br />
= Check yo shit front to back =<br />
<br />
== Remount /tmp without noexec flag ==<br />
<code>mount -o remount,exec /tmp</code><br />
<br />
== tmux ==<br />
Move window to other pane:<br><br />
<nowiki>Ctrl + b<br />
:move-pane -t X</nowiki><br />
Move window to new pane:<br><br />
<code>Ctrl + b !</code><br />
<br />
== icinga2 ==<br />
Check available commands in Icinga Director / Commands.<br><br />
<br><br />
After editing monitoring parameters in ansible:<br><br />
<code>ansible-playbook -D playbooks/all.yml -t icinga2_agent:update-host</code><br />
<br />
== pfx/pem conversion ==<br />
# Extract the private key (you will be prompted to enter the PFX file password and to set a password for the private key)<br><br />
<code>openssl pkcs12 -in your_certificate.pfx -nocerts -out private_key.key</code><br><br />
<br><br />
# Extract the CRT certificate (you will be prompted to enter the PFX file password)<br><br />
<code>openssl pkcs12 -in your_certificate.pfx -clcerts -nokeys -out certificate.crt</code><br><br />
<br><br />
# (Optional) Remove the password from the private key (you will be prompted to enter the password set for the private key)<br><br />
<code>openssl rsa -in private_key.key -out private_key_nopass.key</code><br><br />
<br><br />
Encryption of private key can be checked with <code># cat private.key</code> (first line)<br />
<br><br />
Use argument <code>-legacy</code> for deprecated ciphers.<br><br />
<br />
== SFTP für Endkunden freischalten ==<br />
Find high port on mgmt01: <code>nft list ruleset | grep target_host_ip</code><br><br />
Horizon Security Group Rules (mgmt-ssh-forwarding), allow ingress from client_ip<br><br />
<br />
== openstack cli ==<br />
<code>export OS_CLOUD="name"</code><br />
<br />
== icinga2 host vars ==<br />
<code>host_vars/host_name/icinga2.yml</code>:<br><br />
<nowiki>icinga2_agent__host_vars:<br />
mailq:<br />
mailq_servertype: "sendmail"</nowiki><br />
<br />
== mysql ==<br />
<code>mysql <dbname> < /home/doobiean/anUpdate.sql</code> Apply sql stuffs to <dbname> database<br><br />
<code>mysql -e "SHOW DATABASES" | grep 0109</code> look for databases<br><br />
<br />
== ansible-vault ==<br />
<code>ansible-vault encrypt_string <string></code> encrypt <string><br />
<br />
== splunk ==<br />
<code>grep -i "connected to" /opt/splunkforwarder/var/log/splunk/splunkd.log</code> Check connected servers.</div>
Xbl
http://wiki.6bit.ch/index.php?title=Configs&diff=339
Configs
2026-03-09T16:18:04Z
<p>Xbl: Created page with "= PS1 = = tmux.conf = <nowiki> # Extend history limit set -g history-limit 42069 # Don't rename windows automatically set -g allow-rename off # reload config file bind r source-file ~/.tmux.conf # Enable 256 color support set -g default-terminal "tmux-256color" set -ga terminal-overrides ",*:RGB" # Enable clipboard set -g set-clipboard on # Change keyboard index set -g base-index 1 set -g pane-base-index 1 set-window-option -g pane-base-index 1 set-option -g ren..."</p>
<hr />
<div>= PS1 =<br />
<br />
<br />
= tmux.conf =<br />
<nowiki><br />
# Extend history limit<br />
set -g history-limit 42069<br />
<br />
# Don't rename windows automatically<br />
set -g allow-rename off<br />
<br />
# reload config file<br />
bind r source-file ~/.tmux.conf<br />
<br />
# Enable 256 color support<br />
set -g default-terminal "tmux-256color"<br />
set -ga terminal-overrides ",*:RGB"<br />
<br />
# Enable clipboard<br />
set -g set-clipboard on<br />
<br />
# Change keyboard index<br />
set -g base-index 1<br />
set -g pane-base-index 1<br />
set-window-option -g pane-base-index 1<br />
set-option -g renumber-windows on<br />
<br />
# Theme colors<br />
thm_bg="#222436"<br />
thm_fg="#c8d3f5"<br />
thm_black="#1b1d2b"<br />
thm_black4="#444a73"<br />
thm_blue="#82aaff"<br />
thm_cyan="#86e1fc"<br />
thm_gray="#3a3f5a"<br />
thm_green="#00ff69"<br />
#thm_green="#c3e88d"<br />
thm_magenta="#c099ff"<br />
thm_orange="#ff9e64"<br />
thm_pink="#ff757f"<br />
thm_red="#ff757f"<br />
thm_yellow="#ffc777"<br />
<br />
# Status bar settings<br />
set -g status "on"<br />
set -g status-bg "${thm_bg}"<br />
set -g status-justify "left"<br />
set -g status-left-length "100"<br />
set -g status-right-length "100"<br />
# Messages<br />
set -g message-style "fg=${thm_cyan},bg=${thm_gray},align=centre"<br />
set -g message-command-style "fg=${thm_cyan},bg=${thm_gray},align=centre"<br />
<br />
# Panes<br />
set -g pane-border-style "fg=${thm_gray}"<br />
set -g pane-active-border-style "fg=${thm_blue}"<br />
<br />
# Windows<br />
set -g window-status-activity-style "fg=${thm_fg},bg=${thm_bg},none"<br />
set -g window-status-separator " |"<br />
set -g window-status-style "fg=${thm_fg},bg=${thm_bg},none"<br />
<br />
# Statusline - current window<br />
set -g window-status-current-format "#[fg=${thm_blue},bg=${thm_bg}, bold] #[fg=${thm_green},bg=${thm_bg}]#I:#[fg=${thm_cyan},bg=${thm_bg}]#W"<br />
#set -g window-status-current-format "#[fg=${thm_blue},bg=${thm_bg}, bold] #[fg=${thm_green},bg=${thm_bg}]#I:#[fg=${thm_cyan},bg=${thm_bg}]#(echo '#{pane_current_path}' | rev | cut -d'/' -f-2 | rev)#[fg=${thm_magenta},bg=${thm_bg}]"<br />
<br />
# Statusline - other windows<br />
set -g window-status-format "#[fg=${thm_blue},bg=${thm_bg}] #I:#[fg=${thm_fg},bg=${thm_bg}]#W"<br />
<br />
# Statusline - right side<br />
set -g status-right "#[fg=${thm_blue},bg=${thm_bg},nobold,nounderscore,noitalics]#[fg=${thm_bg},bg=${thm_blue},nobold,nounderscore,noitalics] #[fg=${thm_fg},bg=${thm_gray}] #W #{?client_prefix,#[fg=${thm_magenta}],#[fg=${thm_cyan}]}#[bg=${thm_gray}]#{?client_prefix,#[bg=${thm_magenta}],#[bg=${thm_cyan}]}#[fg=${thm_bg}] #[fg=${thm_fg},bg=${thm_gray}]"<br />
<br />
# Statusline - left side (empty)<br />
set -g status-left ""<br />
<br />
# Modes<br />
set -g clock-mode-colour "${thm_blue}"<br />
set -g mode-style "fg=${thm_blue} bg=${thm_black4} bold"<br />
</nowiki></div>
Xbl
http://wiki.6bit.ch/index.php?title=Very_Windy&diff=338
Very Windy
2026-03-06T16:23:26Z
<p>Xbl: </p>
<hr />
<div>= lvm procedure =<br />
<nowiki>Die VM-Disk /dev/sda wurde vergrössert<br />
1. Ist Zustand prüfen<br />
lsblk<br />
2. Disk "sda" neu einlesen<br />
echo 1 > /sys/block/sda/device/rescan<br />
3. Partition vergrössern<br />
growpart /dev/sda 3<br />
4. PV überprüfen<br />
pvs<br />
4a. allenfalls physical volume vergrössern<br />
pvresize /dev/sda3<br />
5. VG überprüfen<br />
vgs<br />
6. LV vergrössern und Filesystem vergrössern<br />
lvresize -rL+50G /dev/mapper/system-docker<br />
lvextend -rl +100%FREE /dev/mapper/vm208-root</nowiki><br />
<br />
== git ==<br />
<code>git submodule update --init</code> Submodule laden<br><br />
<code>git submodule update --init --recursive</code> Submodule laden (rekursiv)<br><br />
<code>git submodule update --remote</code> Submodule laden (remote)<br><br />
<br><br />
<code>git submodule update</code> Submodule aktualisieren<br><br />
<br><br />
Append information after commit:<br><br />
<code>git commit --amend --author "Ueli Hans<hans.ueli@uelihans.ch>"</code><br><br />
<br><br />
Temporarily store current changes and revert to latest pull:<br><br />
<code>git stash</code><br><br />
Go back to stashed changes:<br><br />
<code>git stash pop</code><br />
<br />
== openssl ==<br />
Check CSR:<br><br />
<code>openssl req -in sample.csr -noout -text</code><br><br />
<br><br />
Bash to check private key against certificate (checkssl.sh):<br />
<nowiki>cn=files/reverseproxies/etc/haproxy/certs/www.sexybit.sh<br />
crt="${cn:?Common Name fuer Key und Cert nicht angegebe...}.crt"<br />
key="$cn.key"<br />
<br />
crtmd5=$( openssl x509 -noout -modulus -in "$crt" | openssl md5 ) ; \<br />
keymd5=$( openssl rsa -noout -modulus -in "$key" | openssl md5 ) ; \<br />
\<br />
echo "crt: $crtmd5" ; echo "key: $keymd5" ; printf "Dateien: \"$crt\" & \"$key\" -- " ; \<br />
[ "$crtmd5" = "$keymd5" ] && echo "passen zusammen :)" || echo "passen NICHT zusammen :("</nowiki><br />
<br />
== ansible ==<br />
<code>ansible-playbook -C -D playbooks/all.yml -u $USER -t nginx</code> -C (check, dry run), -D (diff, show differences) -u <remote user> -t <tags><br><br />
Tags let you run only specific tagged tasks in a playbook instead of executing everything. Multiple tags can be comma-separated.<br><br />
Tags can be skipped with <code>--skip-tags <tags></code><br><br />
Tasks tagged 'always' will run no matter what tags are selected.<br><br />
Tasks tagged 'never' only run if explicitly requested with <code>-t never</code><br><br />
<br />
== ln ==<br />
<code>ln -s ../files</code><br />
<br />
== curl ==<br />
<code>curl -vvv</code> verbose verbose verbose<br><br />
<code>curl -v --resolve windy.verywindy.ch:443:192.168.161.1 https://windy.verywindy.ch</code> check connection with hardcoded dns<br><br />
<code>curl -x sexybit.sh https://apod.nasa.gov</code> check connection with proxy<br><br />
<code>curl -L https://apod.nasa.gov</code> follow redirects<br />
<br />
== New Systems ==<br />
Size: 2CPU, 2G RAM, 40G Disk<br><br />
VG Name: system<br><br />
/: 10G<br><br />
Swap: 4G<br><br />
/var-log: 4G<br><br />
<br />
== IPTables / firewalld ==<br />
<nowiki><?xml version="1.0" encoding="utf-8"?><br />
<direct><br />
<rule ipv="ipv4" table="filter" chain="INPUT" priority="0">-p tcp --dport 22 -m state --state NEW,ESTABLISHED -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="INPUT" priority="1">-p tcp --dport 21022 -m state --state NEW,ESTABLISHED -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="INPUT" priority="5">-p icmp -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="INPUT" priority="8">-p udp --sport 53 -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="0">-p tcp --sport 22 -m state --state ESTABLISHED -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="1">-p tcp --sport 21022 -m state --state ESTABLISHED -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="5">-p icmp -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="6">-p udp --dport 53 -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="8">-p tcp --dport 80 -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="9">-p tcp --dport 443 -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="12">-p udp --dport 123 -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="56">-p tcp --dport 5665 -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="67">-p udp --dport 67:68 -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="69">-m state --state ESTABLISHED,RELATED -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="99">-j DROP</rule><br />
</direct></nowiki><br />
<br />
Show all direct rules (/etc/firewalld/direct.xml):<br><br />
<code>firewall-cmd --get-all-rules --direct</code><br />
<br />
== Clear root Password / disable root login ==<br />
-d --delete: delete user's password<br><br />
-l --lock: lock user's password<br><br />
<code># passwd -dl root</code><br />
<br />
== Start new git project ==<br />
Create blank repo without README.md<br><br />
Run ansible-init script (cs)<br><br />
<br />
== Monitoring ==<br />
icinga-Server verbindet sich zum Agent über Port 5665.<br><br />
Bei Wartungen Downtime erstellen.<br><br />
<br />
== Wartung ==<br />
Snapshots nach 1w löschen.<br />
<br />
== upremote ==<br />
<code>$HOME/scripts/</code><br><br />
<code>$HOME/log/</code><br />
<br />
= Check yo shit front to back =<br />
<br />
== Remount /tmp without noexec flag ==<br />
<code>mount -o remount,exec /tmp</code><br />
<br />
== tmux ==<br />
Move window to other pane:<br><br />
<nowiki>Ctrl + b<br />
:move-pane -t X</nowiki><br />
Move window to new pane:<br><br />
<code>Ctrl + b !</code><br />
<br />
== icinga2 ==<br />
Check available commands in Icinga Director / Commands.<br><br />
<br><br />
After editing monitoring parameters in ansible:<br><br />
<code>ansible-playbook -D playbooks/all.yml -t icinga2_agent:update-host</code><br />
<br />
== pfx/pem conversion ==<br />
# Extract the private key (you will be prompted to enter the PFX file password and to set a password for the private key)<br><br />
<code>openssl pkcs12 -in your_certificate.pfx -nocerts -out private_key.key</code><br><br />
<br><br />
# Extract the CRT certificate (you will be prompted to enter the PFX file password)<br><br />
<code>openssl pkcs12 -in your_certificate.pfx -clcerts -nokeys -out certificate.crt</code><br><br />
<br><br />
# (Optional) Remove the password from the private key (you will be prompted to enter the password set for the private key)<br><br />
<code>openssl rsa -in private_key.key -out private_key_nopass.key</code><br><br />
<br><br />
Encryption of private key can be checked with <code># cat private.key</code> (first line)<br />
<br><br />
Use argument <code>-legacy</code> for deprecated ciphers.<br><br />
<br />
== SFTP für Endkunden freischalten ==<br />
Find high port on mgmt01: <code>nft list ruleset | grep target_host_ip</code><br><br />
Horizon Security Group Rules (mgmt-ssh-forwarding), allow ingress from client_ip<br><br />
<br />
== openstack cli ==<br />
<code>export OS_CLOUD="name"</code><br />
<br />
== icinga2 host vars ==<br />
<code>host_vars/host_name/icinga2.yml</code>:<br><br />
<nowiki>icinga2_agent__host_vars:<br />
mailq:<br />
mailq_servertype: "sendmail"</nowiki><br />
<br />
== mysql ==<br />
<code>mysql <dbname> < /home/doobiean/anUpdate.sql</code> Apply sql stuffs to <dbname> database<br><br />
<code>mysql -e "SHOW DATABASES" | grep 0109</code> look for databases<br><br />
<br />
== ansible-vault ==<br />
<code>ansible-vault encrypt_string <string></code> encrypt <string></div>
Xbl
http://wiki.6bit.ch/index.php?title=Very_Windy&diff=337
Very Windy
2026-03-05T14:25:00Z
<p>Xbl: </p>
<hr />
<div>= lvm procedure =<br />
<nowiki>Die VM-Disk /dev/sda wurde vergrössert<br />
1. Ist Zustand prüfen<br />
lsblk<br />
2. Disk "sda" neu einlesen<br />
echo 1 > /sys/block/sda/device/rescan<br />
3. Partition vergrössern<br />
growpart /dev/sda 3<br />
4. PV überprüfen<br />
pvs<br />
4a. allenfalls physical volume vergrössern<br />
pvresize /dev/sda3<br />
5. VG überprüfen<br />
vgs<br />
6. LV vergrössern und Filesystem vergrössern<br />
lvresize -rL+50G /dev/mapper/system-docker<br />
lvextend -rl +100%FREE /dev/mapper/vm208-root</nowiki><br />
<br />
== git ==<br />
<code>git submodule update --init</code> Submodule laden<br><br />
<code>git submodule update --init --recursive</code> Submodule laden (rekursiv)<br><br />
<code>git submodule update --remote</code> Submodule laden (remote)<br><br />
<br><br />
<code>git submodule update</code> Submodule aktualisieren<br><br />
<br><br />
Append information after commit:<br><br />
<code>git commit --amend --author "Ueli Hans<hans.ueli@uelihans.ch>"</code><br><br />
<br><br />
Temporarily store current changes and revert to latest pull:<br><br />
<code>git stash</code><br><br />
Go back to stashed changes:<br><br />
<code>git stash pop</code><br />
<br />
== openssl ==<br />
Check CSR:<br><br />
<code>openssl req -in sample.csr -noout -text</code><br><br />
<br><br />
Bash to check private key against certificate (checkssl.sh):<br />
<nowiki>cn=files/reverseproxies/etc/haproxy/certs/www.sexybit.sh<br />
crt="${cn:?Common Name fuer Key und Cert nicht angegebe...}.crt"<br />
key="$cn.key"<br />
<br />
crtmd5=$( openssl x509 -noout -modulus -in "$crt" | openssl md5 ) ; \<br />
keymd5=$( openssl rsa -noout -modulus -in "$key" | openssl md5 ) ; \<br />
\<br />
echo "crt: $crtmd5" ; echo "key: $keymd5" ; printf "Dateien: \"$crt\" & \"$key\" -- " ; \<br />
[ "$crtmd5" = "$keymd5" ] && echo "passen zusammen :)" || echo "passen NICHT zusammen :("</nowiki><br />
<br />
== ansible ==<br />
<code>ansible-playbook -C -D playbooks/all.yml -u $USER -t nginx</code> -C (check, dry run), -D (diff, show differences) -u <remote user> -t <tags><br><br />
Tags let you run only specific tagged tasks in a playbook instead of executing everything. Multiple tags can be comma-separated.<br><br />
Tags can be skipped with <code>--skip-tags <tags></code><br><br />
Tasks tagged 'always' will run no matter what tags are selected.<br><br />
Tasks tagged 'never' only run if explicitly requested with <code>-t never</code><br><br />
<br />
== ln ==<br />
<code>ln -s ../files</code><br />
<br />
== curl ==<br />
<code>curl -vvv</code> verbose verbose verbose<br><br />
<code>curl -v --resolve windy.verywindy.ch:443:192.168.161.1 https://windy.verywindy.ch</code> check connection with hardcoded dns<br><br />
<code>curl -x sexybit.sh https://apod.nasa.gov</code> check connection with proxy<br><br />
<code>curl -L https://apod.nasa.gov</code> follow redirects<br />
<br />
== New Systems ==<br />
Size: 2CPU, 2G RAM, 40G Disk<br><br />
VG Name: system<br><br />
/: 10G<br><br />
Swap: 4G<br><br />
/var-log: 4G<br><br />
<br />
== IPTables / firewalld ==<br />
<nowiki><?xml version="1.0" encoding="utf-8"?><br />
<direct><br />
<rule ipv="ipv4" table="filter" chain="INPUT" priority="0">-p tcp --dport 22 -m state --state NEW,ESTABLISHED -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="INPUT" priority="1">-p tcp --dport 21022 -m state --state NEW,ESTABLISHED -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="INPUT" priority="5">-p icmp -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="INPUT" priority="8">-p udp --sport 53 -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="0">-p tcp --sport 22 -m state --state ESTABLISHED -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="1">-p tcp --sport 21022 -m state --state ESTABLISHED -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="5">-p icmp -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="6">-p udp --dport 53 -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="8">-p tcp --dport 80 -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="9">-p tcp --dport 443 -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="12">-p udp --dport 123 -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="56">-p tcp --dport 5665 -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="67">-p udp --dport 67:68 -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="69">-m state --state ESTABLISHED,RELATED -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="99">-j DROP</rule><br />
</direct></nowiki><br />
<br />
Show all direct rules (/etc/firewalld/direct.xml):<br><br />
<code>firewall-cmd --get-all-rules --direct</code><br />
<br />
== Clear root Password / disable root login ==<br />
-d --delete: delete user's password<br><br />
-l --lock: lock user's password<br><br />
<code># passwd -dl root</code><br />
<br />
== Start new git project ==<br />
Create blank repo without README.md<br><br />
Run ansible-init script (cs)<br><br />
<br />
== Monitoring ==<br />
icinga-Server verbindet sich zum Agent über Port 5665.<br><br />
Bei Wartungen Downtime erstellen.<br><br />
<br />
== Wartung ==<br />
Snapshots nach 1w löschen.<br />
<br />
== upremote ==<br />
<code>$HOME/scripts/</code><br><br />
<code>$HOME/log/</code><br />
<br />
= Check yo shit front to back =<br />
<br />
== Remount /tmp without noexec flag ==<br />
<code>mount -o remount,exec /tmp</code><br />
<br />
== tmux ==<br />
Move window to other pane:<br><br />
<nowiki>Ctrl + b<br />
:move-pane -t X</nowiki><br />
Move window to new pane:<br><br />
<code>Ctrl + b !</code><br />
<br />
== icinga2 ==<br />
Check available commands in Icinga Director / Commands.<br><br />
<br><br />
After editing monitoring parameters in ansible:<br><br />
<code>ansible-playbook -D playbooks/all.yml -t icinga2_agent:update-host</code><br />
<br />
== pfx/pem conversion ==<br />
# Extract the private key (you will be prompted to enter the PFX file password and to set a password for the private key)<br><br />
<code>openssl pkcs12 -in your_certificate.pfx -nocerts -out private_key.key</code><br><br />
<br><br />
# Extract the CRT certificate (you will be prompted to enter the PFX file password)<br><br />
<code>openssl pkcs12 -in your_certificate.pfx -clcerts -nokeys -out certificate.crt</code><br><br />
<br><br />
# (Optional) Remove the password from the private key (you will be prompted to enter the password set for the private key)<br><br />
<code>openssl rsa -in private_key.key -out private_key_nopass.key</code><br><br />
<br><br />
Encryption of private key can be checked with <code># cat private.key</code> (first line)<br />
<br><br />
Use argument <code>-legacy</code> for deprecated ciphers.<br><br />
<br />
== SFTP für Endkunden freischalten ==<br />
Find high port on mgmt01: <code>nft list ruleset | grep target_host_ip</code><br><br />
Horizon Security Group Rules (mgmt-ssh-forwarding), allow ingress from client_ip<br><br />
<br />
== openstack cli ==<br />
<code>export OS_CLOUD="name"</code><br />
<br />
== icinga2 host vars ==<br />
<code>host_vars/host_name/icinga2.yml</code>:<br><br />
<nowiki>icinga2_agent__host_vars:<br />
mailq:<br />
mailq_servertype: "sendmail"</nowiki><br />
<br />
== mysql ==<br />
<code>mysql <dbname> < /home/doobiean/anUpdate.sql</code> Apply sql stuffs to dbname database</div>
Xbl
http://wiki.6bit.ch/index.php?title=Very_Windy&diff=336
Very Windy
2026-03-02T11:38:11Z
<p>Xbl: /* git */</p>
<hr />
<div>= lvm procedure =<br />
<nowiki>Die VM-Disk /dev/sda wurde vergrössert<br />
1. Ist Zustand prüfen<br />
lsblk<br />
2. Disk "sda" neu einlesen<br />
echo 1 > /sys/block/sda/device/rescan<br />
3. Partition vergrössern<br />
growpart /dev/sda 3<br />
4. PV überprüfen<br />
pvs<br />
4a. allenfalls physical volume vergrössern<br />
pvresize /dev/sda3<br />
5. VG überprüfen<br />
vgs<br />
6. LV vergrössern und Filesystem vergrössern<br />
lvresize -rL+50G /dev/mapper/system-docker<br />
lvextend -rl +100%FREE /dev/mapper/vm208-root</nowiki><br />
<br />
== git ==<br />
<code>git submodule update --init</code> Submodule laden<br><br />
<code>git submodule update --init --recursive</code> Submodule laden (rekursiv)<br><br />
<code>git submodule update --remote</code> Submodule laden (remote)<br><br />
<br><br />
<code>git submodule update</code> Submodule aktualisieren<br><br />
<br><br />
Append information after commit:<br><br />
<code>git commit --amend --author "Ueli Hans<hans.ueli@uelihans.ch>"</code><br><br />
<br><br />
Temporarily store current changes and revert to latest pull:<br><br />
<code>git stash</code><br><br />
Go back to stashed changes:<br><br />
<code>git stash pop</code><br />
<br />
== openssl ==<br />
Check CSR:<br><br />
<code>openssl req -in sample.csr -noout -text</code><br><br />
<br><br />
Bash to check private key against certificate (checkssl.sh):<br />
<nowiki>cn=files/reverseproxies/etc/haproxy/certs/www.sexybit.sh<br />
crt="${cn:?Common Name fuer Key und Cert nicht angegebe...}.crt"<br />
key="$cn.key"<br />
<br />
crtmd5=$( openssl x509 -noout -modulus -in "$crt" | openssl md5 ) ; \<br />
keymd5=$( openssl rsa -noout -modulus -in "$key" | openssl md5 ) ; \<br />
\<br />
echo "crt: $crtmd5" ; echo "key: $keymd5" ; printf "Dateien: \"$crt\" & \"$key\" -- " ; \<br />
[ "$crtmd5" = "$keymd5" ] && echo "passen zusammen :)" || echo "passen NICHT zusammen :("</nowiki><br />
<br />
== ansible ==<br />
<code>ansible-playbook -C -D playbooks/all.yml -u $USER -t nginx</code> -C (check, dry run), -D (diff, show differences) -u <remote user> -t <tags><br><br />
Tags let you run only specific tagged tasks in a playbook instead of executing everything. Multiple tags can be comma-separated.<br><br />
Tags can be skipped with <code>--skip-tags <tags></code><br><br />
Tasks tagged 'always' will run no matter what tags are selected.<br><br />
Tasks tagged 'never' only run if explicitly requested with <code>-t never</code><br><br />
<br />
== ln ==<br />
<code>ln -s ../files</code><br />
<br />
== curl ==<br />
<code>curl -vvv</code> verbose verbose verbose<br><br />
<code>curl -v --resolve windy.verywindy.ch:443:192.168.161.1 https://windy.verywindy.ch</code> check connection with hardcoded dns<br><br />
<code>curl -x sexybit.sh https://apod.nasa.gov</code> check connection with proxy<br><br />
<code>curl -L https://apod.nasa.gov</code> follow redirects<br />
<br />
== New Systems ==<br />
Size: 2CPU, 2G RAM, 40G Disk<br><br />
VG Name: system<br><br />
/: 10G<br><br />
Swap: 4G<br><br />
/var-log: 4G<br><br />
<br />
== IPTables / firewalld ==<br />
<nowiki><?xml version="1.0" encoding="utf-8"?><br />
<direct><br />
<rule ipv="ipv4" table="filter" chain="INPUT" priority="0">-p tcp --dport 22 -m state --state NEW,ESTABLISHED -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="INPUT" priority="1">-p tcp --dport 21022 -m state --state NEW,ESTABLISHED -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="INPUT" priority="5">-p icmp -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="INPUT" priority="8">-p udp --sport 53 -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="0">-p tcp --sport 22 -m state --state ESTABLISHED -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="1">-p tcp --sport 21022 -m state --state ESTABLISHED -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="5">-p icmp -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="6">-p udp --dport 53 -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="8">-p tcp --dport 80 -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="9">-p tcp --dport 443 -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="12">-p udp --dport 123 -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="56">-p tcp --dport 5665 -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="67">-p udp --dport 67:68 -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="69">-m state --state ESTABLISHED,RELATED -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="99">-j DROP</rule><br />
</direct></nowiki><br />
<br />
Show all direct rules (/etc/firewalld/direct.xml):<br><br />
<code>firewall-cmd --get-all-rules --direct</code><br />
<br />
== Clear root Password / disable root login ==<br />
-d --delete: delete user's password<br><br />
-l --lock: lock user's password<br><br />
<code># passwd -dl root</code><br />
<br />
== Start new git project ==<br />
Create blank repo without README.md<br><br />
Run ansible-init script (cs)<br><br />
<br />
== Monitoring ==<br />
icinga-Server verbindet sich zum Agent über Port 5665.<br><br />
Bei Wartungen Downtime erstellen.<br><br />
<br />
== Wartung ==<br />
Snapshots nach 1w löschen.<br />
<br />
== upremote ==<br />
<code>$HOME/scripts/</code><br><br />
<code>$HOME/log/</code><br />
<br />
= Check yo shit front to back =<br />
<br />
== Remount /tmp without noexec flag ==<br />
<code>mount -o remount,exec /tmp</code><br />
<br />
== tmux ==<br />
Move window to other pane:<br><br />
<nowiki>Ctrl + b<br />
:move-pane -t X</nowiki><br />
Move window to new pane:<br><br />
<code>Ctrl + b !</code><br />
<br />
== icinga2 ==<br />
Check available commands in Icinga Director / Commands.<br><br />
<br><br />
After editing monitoring parameters in ansible:<br><br />
<code>ansible-playbook -D playbooks/all.yml -t icinga2_agent:update-host</code><br />
<br />
== pfx/pem conversion ==<br />
# Extract the private key (you will be prompted to enter the PFX file password and to set a password for the private key)<br><br />
<code>openssl pkcs12 -in your_certificate.pfx -nocerts -out private_key.key</code><br><br />
<br><br />
# Extract the CRT certificate (you will be prompted to enter the PFX file password)<br><br />
<code>openssl pkcs12 -in your_certificate.pfx -clcerts -nokeys -out certificate.crt</code><br><br />
<br><br />
# (Optional) Remove the password from the private key (you will be prompted to enter the password set for the private key)<br><br />
<code>openssl rsa -in private_key.key -out private_key_nopass.key</code><br><br />
<br><br />
Encryption of private key can be checked with <code># cat private.key</code> (first line)<br />
<br><br />
Use argument <code>-legacy</code> for deprecated ciphers.<br><br />
<br />
== SFTP für Endkunden freischalten ==<br />
Find high port on mgmt01: <code>nft list ruleset | grep target_host_ip</code><br><br />
Horizon Security Group Rules (mgmt-ssh-forwarding), allow ingress from client_ip<br><br />
<br />
== openstack cli ==<br />
<code>export OS_CLOUD="name"</code><br />
<br />
== icinga2 host vars ==<br />
<code>host_vars/host_name/icinga2.yml</code>:<br><br />
<nowiki>icinga2_agent__host_vars:<br />
mailq:<br />
mailq_servertype: "sendmail"</nowiki></div>
Xbl
http://wiki.6bit.ch/index.php?title=Very_Windy&diff=335
Very Windy
2026-03-02T11:37:34Z
<p>Xbl: /* git */</p>
<hr />
<div>= lvm procedure =<br />
<nowiki>Die VM-Disk /dev/sda wurde vergrössert<br />
1. Ist Zustand prüfen<br />
lsblk<br />
2. Disk "sda" neu einlesen<br />
echo 1 > /sys/block/sda/device/rescan<br />
3. Partition vergrössern<br />
growpart /dev/sda 3<br />
4. PV überprüfen<br />
pvs<br />
4a. allenfalls physical volume vergrössern<br />
pvresize /dev/sda3<br />
5. VG überprüfen<br />
vgs<br />
6. LV vergrössern und Filesystem vergrössern<br />
lvresize -rL+50G /dev/mapper/system-docker<br />
lvextend -rl +100%FREE /dev/mapper/vm208-root</nowiki><br />
<br />
== git ==<br />
<code>git submodule update --init</code> Submodule laden<br><br />
<code>git submodule update --init --recursive</code> Submodule laden (rekursiv)<br><br />
<code>git submodule update --remote</code> Submodule laden (remote)<br><br />
<br><br />
<code>git submodule update</code> Submodule aktualisieren<br><br />
<br><br />
Append information after commit:<br><br />
<code>git commit --amend --author "Ueli Hans<hans.ueli@uelihans.ch>"</code><br><br />
Temporarily store current changes and revert to latest pull:<br><br />
<code>git stash</code><br><br />
Go back to stashed changes:<br><br />
<code>git stash pop</code><br />
<br />
== openssl ==<br />
Check CSR:<br><br />
<code>openssl req -in sample.csr -noout -text</code><br><br />
<br><br />
Bash to check private key against certificate (checkssl.sh):<br />
<nowiki>cn=files/reverseproxies/etc/haproxy/certs/www.sexybit.sh<br />
crt="${cn:?Common Name fuer Key und Cert nicht angegebe...}.crt"<br />
key="$cn.key"<br />
<br />
crtmd5=$( openssl x509 -noout -modulus -in "$crt" | openssl md5 ) ; \<br />
keymd5=$( openssl rsa -noout -modulus -in "$key" | openssl md5 ) ; \<br />
\<br />
echo "crt: $crtmd5" ; echo "key: $keymd5" ; printf "Dateien: \"$crt\" & \"$key\" -- " ; \<br />
[ "$crtmd5" = "$keymd5" ] && echo "passen zusammen :)" || echo "passen NICHT zusammen :("</nowiki><br />
<br />
== ansible ==<br />
<code>ansible-playbook -C -D playbooks/all.yml -u $USER -t nginx</code> -C (check, dry run), -D (diff, show differences) -u <remote user> -t <tags><br><br />
Tags let you run only specific tagged tasks in a playbook instead of executing everything. Multiple tags can be comma-separated.<br><br />
Tags can be skipped with <code>--skip-tags <tags></code><br><br />
Tasks tagged 'always' will run no matter what tags are selected.<br><br />
Tasks tagged 'never' only run if explicitly requested with <code>-t never</code><br><br />
<br />
== ln ==<br />
<code>ln -s ../files</code><br />
<br />
== curl ==<br />
<code>curl -vvv</code> verbose verbose verbose<br><br />
<code>curl -v --resolve windy.verywindy.ch:443:192.168.161.1 https://windy.verywindy.ch</code> check connection with hardcoded dns<br><br />
<code>curl -x sexybit.sh https://apod.nasa.gov</code> check connection with proxy<br><br />
<code>curl -L https://apod.nasa.gov</code> follow redirects<br />
<br />
== New Systems ==<br />
Size: 2CPU, 2G RAM, 40G Disk<br><br />
VG Name: system<br><br />
/: 10G<br><br />
Swap: 4G<br><br />
/var-log: 4G<br><br />
<br />
== IPTables / firewalld ==<br />
<nowiki><?xml version="1.0" encoding="utf-8"?><br />
<direct><br />
<rule ipv="ipv4" table="filter" chain="INPUT" priority="0">-p tcp --dport 22 -m state --state NEW,ESTABLISHED -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="INPUT" priority="1">-p tcp --dport 21022 -m state --state NEW,ESTABLISHED -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="INPUT" priority="5">-p icmp -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="INPUT" priority="8">-p udp --sport 53 -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="0">-p tcp --sport 22 -m state --state ESTABLISHED -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="1">-p tcp --sport 21022 -m state --state ESTABLISHED -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="5">-p icmp -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="6">-p udp --dport 53 -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="8">-p tcp --dport 80 -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="9">-p tcp --dport 443 -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="12">-p udp --dport 123 -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="56">-p tcp --dport 5665 -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="67">-p udp --dport 67:68 -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="69">-m state --state ESTABLISHED,RELATED -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="99">-j DROP</rule><br />
</direct></nowiki><br />
<br />
Show all direct rules (/etc/firewalld/direct.xml):<br><br />
<code>firewall-cmd --get-all-rules --direct</code><br />
<br />
== Clear root Password / disable root login ==<br />
-d --delete: delete user's password<br><br />
-l --lock: lock user's password<br><br />
<code># passwd -dl root</code><br />
<br />
== Start new git project ==<br />
Create blank repo without README.md<br><br />
Run ansible-init script (cs)<br><br />
<br />
== Monitoring ==<br />
icinga-Server verbindet sich zum Agent über Port 5665.<br><br />
Bei Wartungen Downtime erstellen.<br><br />
<br />
== Wartung ==<br />
Snapshots nach 1w löschen.<br />
<br />
== upremote ==<br />
<code>$HOME/scripts/</code><br><br />
<code>$HOME/log/</code><br />
<br />
= Check yo shit front to back =<br />
<br />
== Remount /tmp without noexec flag ==<br />
<code>mount -o remount,exec /tmp</code><br />
<br />
== tmux ==<br />
Move window to other pane:<br><br />
<nowiki>Ctrl + b<br />
:move-pane -t X</nowiki><br />
Move window to new pane:<br><br />
<code>Ctrl + b !</code><br />
<br />
== icinga2 ==<br />
Check available commands in Icinga Director / Commands.<br><br />
<br><br />
After editing monitoring parameters in ansible:<br><br />
<code>ansible-playbook -D playbooks/all.yml -t icinga2_agent:update-host</code><br />
<br />
== pfx/pem conversion ==<br />
# Extract the private key (you will be prompted to enter the PFX file password and to set a password for the private key)<br><br />
<code>openssl pkcs12 -in your_certificate.pfx -nocerts -out private_key.key</code><br><br />
<br><br />
# Extract the CRT certificate (you will be prompted to enter the PFX file password)<br><br />
<code>openssl pkcs12 -in your_certificate.pfx -clcerts -nokeys -out certificate.crt</code><br><br />
<br><br />
# (Optional) Remove the password from the private key (you will be prompted to enter the password set for the private key)<br><br />
<code>openssl rsa -in private_key.key -out private_key_nopass.key</code><br><br />
<br><br />
Encryption of private key can be checked with <code># cat private.key</code> (first line)<br />
<br><br />
Use argument <code>-legacy</code> for deprecated ciphers.<br><br />
<br />
== SFTP für Endkunden freischalten ==<br />
Find high port on mgmt01: <code>nft list ruleset | grep target_host_ip</code><br><br />
Horizon Security Group Rules (mgmt-ssh-forwarding), allow ingress from client_ip<br><br />
<br />
== openstack cli ==<br />
<code>export OS_CLOUD="name"</code><br />
<br />
== icinga2 host vars ==<br />
<code>host_vars/host_name/icinga2.yml</code>:<br><br />
<nowiki>icinga2_agent__host_vars:<br />
mailq:<br />
mailq_servertype: "sendmail"</nowiki></div>
Xbl
http://wiki.6bit.ch/index.php?title=Very_Windy&diff=334
Very Windy
2026-02-27T08:46:16Z
<p>Xbl: </p>
<hr />
<div>= lvm procedure =<br />
<nowiki>Die VM-Disk /dev/sda wurde vergrössert<br />
1. Ist Zustand prüfen<br />
lsblk<br />
2. Disk "sda" neu einlesen<br />
echo 1 > /sys/block/sda/device/rescan<br />
3. Partition vergrössern<br />
growpart /dev/sda 3<br />
4. PV überprüfen<br />
pvs<br />
4a. allenfalls physical volume vergrössern<br />
pvresize /dev/sda3<br />
5. VG überprüfen<br />
vgs<br />
6. LV vergrössern und Filesystem vergrössern<br />
lvresize -rL+50G /dev/mapper/system-docker<br />
lvextend -rl +100%FREE /dev/mapper/vm208-root</nowiki><br />
<br />
== git ==<br />
<code>git submodule update --init</code> Submodule laden<br><br />
<code>git submodule update --init --recursive</code> Submodule laden (rekursiv)<br><br />
<code>git submodule update --remote</code> Submodule laden (remote)<br><br />
<br><br />
<code>git submodule update</code> Submodule aktualisieren<br><br />
<br><br />
Append information after commit:<br><br />
<code>git commit --amend --author "Ueli Hans<hans.ueli@uelihans.ch>"</code><br />
<br />
== openssl ==<br />
Check CSR:<br><br />
<code>openssl req -in sample.csr -noout -text</code><br><br />
<br><br />
Bash to check private key against certificate (checkssl.sh):<br />
<nowiki>cn=files/reverseproxies/etc/haproxy/certs/www.sexybit.sh<br />
crt="${cn:?Common Name fuer Key und Cert nicht angegebe...}.crt"<br />
key="$cn.key"<br />
<br />
crtmd5=$( openssl x509 -noout -modulus -in "$crt" | openssl md5 ) ; \<br />
keymd5=$( openssl rsa -noout -modulus -in "$key" | openssl md5 ) ; \<br />
\<br />
echo "crt: $crtmd5" ; echo "key: $keymd5" ; printf "Dateien: \"$crt\" & \"$key\" -- " ; \<br />
[ "$crtmd5" = "$keymd5" ] && echo "passen zusammen :)" || echo "passen NICHT zusammen :("</nowiki><br />
<br />
== ansible ==<br />
<code>ansible-playbook -C -D playbooks/all.yml -u $USER -t nginx</code> -C (check, dry run), -D (diff, show differences) -u <remote user> -t <tags><br><br />
Tags let you run only specific tagged tasks in a playbook instead of executing everything. Multiple tags can be comma-separated.<br><br />
Tags can be skipped with <code>--skip-tags <tags></code><br><br />
Tasks tagged 'always' will run no matter what tags are selected.<br><br />
Tasks tagged 'never' only run if explicitly requested with <code>-t never</code><br><br />
<br />
== ln ==<br />
<code>ln -s ../files</code><br />
<br />
== curl ==<br />
<code>curl -vvv</code> verbose verbose verbose<br><br />
<code>curl -v --resolve windy.verywindy.ch:443:192.168.161.1 https://windy.verywindy.ch</code> check connection with hardcoded dns<br><br />
<code>curl -x sexybit.sh https://apod.nasa.gov</code> check connection with proxy<br><br />
<code>curl -L https://apod.nasa.gov</code> follow redirects<br />
<br />
== New Systems ==<br />
Size: 2CPU, 2G RAM, 40G Disk<br><br />
VG Name: system<br><br />
/: 10G<br><br />
Swap: 4G<br><br />
/var-log: 4G<br><br />
<br />
== IPTables / firewalld ==<br />
<nowiki><?xml version="1.0" encoding="utf-8"?><br />
<direct><br />
<rule ipv="ipv4" table="filter" chain="INPUT" priority="0">-p tcp --dport 22 -m state --state NEW,ESTABLISHED -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="INPUT" priority="1">-p tcp --dport 21022 -m state --state NEW,ESTABLISHED -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="INPUT" priority="5">-p icmp -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="INPUT" priority="8">-p udp --sport 53 -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="0">-p tcp --sport 22 -m state --state ESTABLISHED -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="1">-p tcp --sport 21022 -m state --state ESTABLISHED -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="5">-p icmp -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="6">-p udp --dport 53 -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="8">-p tcp --dport 80 -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="9">-p tcp --dport 443 -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="12">-p udp --dport 123 -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="56">-p tcp --dport 5665 -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="67">-p udp --dport 67:68 -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="69">-m state --state ESTABLISHED,RELATED -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="99">-j DROP</rule><br />
</direct></nowiki><br />
<br />
Show all direct rules (/etc/firewalld/direct.xml):<br><br />
<code>firewall-cmd --get-all-rules --direct</code><br />
<br />
== Clear root Password / disable root login ==<br />
-d --delete: delete user's password<br><br />
-l --lock: lock user's password<br><br />
<code># passwd -dl root</code><br />
<br />
== Start new git project ==<br />
Create blank repo without README.md<br><br />
Run ansible-init script (cs)<br><br />
<br />
== Monitoring ==<br />
icinga-Server verbindet sich zum Agent über Port 5665.<br><br />
Bei Wartungen Downtime erstellen.<br><br />
<br />
== Wartung ==<br />
Snapshots nach 1w löschen.<br />
<br />
== upremote ==<br />
<code>$HOME/scripts/</code><br><br />
<code>$HOME/log/</code><br />
<br />
= Check yo shit front to back =<br />
<br />
== Remount /tmp without noexec flag ==<br />
<code>mount -o remount,exec /tmp</code><br />
<br />
== tmux ==<br />
Move window to other pane:<br><br />
<nowiki>Ctrl + b<br />
:move-pane -t X</nowiki><br />
Move window to new pane:<br><br />
<code>Ctrl + b !</code><br />
<br />
== icinga2 ==<br />
Check available commands in Icinga Director / Commands.<br><br />
<br><br />
After editing monitoring parameters in ansible:<br><br />
<code>ansible-playbook -D playbooks/all.yml -t icinga2_agent:update-host</code><br />
<br />
== pfx/pem conversion ==<br />
# Extract the private key (you will be prompted to enter the PFX file password and to set a password for the private key)<br><br />
<code>openssl pkcs12 -in your_certificate.pfx -nocerts -out private_key.key</code><br><br />
<br><br />
# Extract the CRT certificate (you will be prompted to enter the PFX file password)<br><br />
<code>openssl pkcs12 -in your_certificate.pfx -clcerts -nokeys -out certificate.crt</code><br><br />
<br><br />
# (Optional) Remove the password from the private key (you will be prompted to enter the password set for the private key)<br><br />
<code>openssl rsa -in private_key.key -out private_key_nopass.key</code><br><br />
<br><br />
Encryption of private key can be checked with <code># cat private.key</code> (first line)<br />
<br><br />
Use argument <code>-legacy</code> for deprecated ciphers.<br><br />
<br />
== SFTP für Endkunden freischalten ==<br />
Find high port on mgmt01: <code>nft list ruleset | grep target_host_ip</code><br><br />
Horizon Security Group Rules (mgmt-ssh-forwarding), allow ingress from client_ip<br><br />
<br />
== openstack cli ==<br />
<code>export OS_CLOUD="name"</code><br />
<br />
== icinga2 host vars ==<br />
<code>host_vars/host_name/icinga2.yml</code>:<br><br />
<nowiki>icinga2_agent__host_vars:<br />
mailq:<br />
mailq_servertype: "sendmail"</nowiki></div>
Xbl
http://wiki.6bit.ch/index.php?title=Very_Windy&diff=333
Very Windy
2026-02-27T08:45:54Z
<p>Xbl: </p>
<hr />
<div>= lvm procedure =<br />
<nowiki>Die VM-Disk /dev/sda wurde vergrössert<br />
1. Ist Zustand prüfen<br />
lsblk<br />
2. Disk "sda" neu einlesen<br />
echo 1 > /sys/block/sda/device/rescan<br />
3. Partition vergrössern<br />
growpart /dev/sda 3<br />
4. PV überprüfen<br />
pvs<br />
4a. allenfalls physical volume vergrössern<br />
pvresize /dev/sda3<br />
5. VG überprüfen<br />
vgs<br />
6. LV vergrössern und Filesystem vergrössern<br />
lvresize -rL+50G /dev/mapper/system-docker<br />
lvextend -rl +100%FREE /dev/mapper/vm208-root</nowiki><br />
<br />
== git ==<br />
<code>git submodule update --init</code> Submodule laden<br><br />
<code>git submodule update --init --recursive</code> Submodule laden (rekursiv)<br><br />
<code>git submodule update --remote</code> Submodule laden (remote)<br><br />
<br><br />
<code>git submodule update</code> Submodule aktualisieren<br><br />
<br><br />
Append information after commit:<br><br />
<code>git commit --amend --author "Ueli Hans<hans.ueli@uelihans.ch>"</code><br />
<br />
== openssl ==<br />
Check CSR:<br><br />
<code>openssl req -in sample.csr -noout -text</code><br><br />
<br><br />
Bash to check private key against certificate (checkssl.sh):<br />
<nowiki>cn=files/reverseproxies/etc/haproxy/certs/www.sexybit.sh<br />
crt="${cn:?Common Name fuer Key und Cert nicht angegebe...}.crt"<br />
key="$cn.key"<br />
<br />
crtmd5=$( openssl x509 -noout -modulus -in "$crt" | openssl md5 ) ; \<br />
keymd5=$( openssl rsa -noout -modulus -in "$key" | openssl md5 ) ; \<br />
\<br />
echo "crt: $crtmd5" ; echo "key: $keymd5" ; printf "Dateien: \"$crt\" & \"$key\" -- " ; \<br />
[ "$crtmd5" = "$keymd5" ] && echo "passen zusammen :)" || echo "passen NICHT zusammen :("</nowiki><br />
<br />
== ansible ==<br />
<code>ansible-playbook -C -D playbooks/all.yml -u $USER -t nginx</code> -C (check, dry run), -D (diff, show differences) -u <remote user> -t <tags><br><br />
Tags let you run only specific tagged tasks in a playbook instead of executing everything. Multiple tags can be comma-separated.<br><br />
Tags can be skipped with <code>--skip-tags <tags></code><br><br />
Tasks tagged 'always' will run no matter what tags are selected.<br><br />
Tasks tagged 'never' only run if explicitly requested with <code>-t never</code><br><br />
<br />
== ln ==<br />
<code>ln -s ../files</code><br />
<br />
== curl ==<br />
<code>curl -vvv</code> verbose verbose verbose<br><br />
<code>curl -v --resolve windy.verywindy.ch:443:192.168.161.1 https://windy.verywindy.ch</code> check connection with hardcoded dns<br><br />
<code>curl -x sexybit.sh https://apod.nasa.gov</code> check connection with proxy<br><br />
<code>curl -L https://apod.nasa.gov</code> follow redirects<br />
<br />
== New Systems ==<br />
Size: 2CPU, 2G RAM, 40G Disk<br><br />
VG Name: system<br><br />
/: 10G<br><br />
Swap: 4G<br><br />
/var-log: 4G<br><br />
<br />
== IPTables / firewalld ==<br />
<nowiki><?xml version="1.0" encoding="utf-8"?><br />
<direct><br />
<rule ipv="ipv4" table="filter" chain="INPUT" priority="0">-p tcp --dport 22 -m state --state NEW,ESTABLISHED -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="INPUT" priority="1">-p tcp --dport 21022 -m state --state NEW,ESTABLISHED -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="INPUT" priority="5">-p icmp -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="INPUT" priority="8">-p udp --sport 53 -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="0">-p tcp --sport 22 -m state --state ESTABLISHED -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="1">-p tcp --sport 21022 -m state --state ESTABLISHED -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="5">-p icmp -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="6">-p udp --dport 53 -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="8">-p tcp --dport 80 -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="9">-p tcp --dport 443 -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="12">-p udp --dport 123 -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="56">-p tcp --dport 5665 -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="67">-p udp --dport 67:68 -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="69">-m state --state ESTABLISHED,RELATED -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="99">-j DROP</rule><br />
</direct></nowiki><br />
<br />
Show all direct rules (/etc/firewalld/direct.xml):<br><br />
<code>firewall-cmd --get-all-rules --direct</code><br />
<br />
== Clear root Password / disable root login ==<br />
-d --delete: delete user's password<br><br />
-l --lock: lock user's password<br><br />
<code># passwd -dl root</code><br />
<br />
== Start new git project ==<br />
Create blank repo without README.md<br><br />
Run ansible-init script (cs)<br><br />
<br />
== Monitoring ==<br />
icinga-Server verbindet sich zum Agent über Port 5665.<br><br />
Bei Wartungen Downtime erstellen.<br><br />
<br />
== Wartung ==<br />
Snapshots nach 1w löschen.<br />
<br />
== upremote ==<br />
<code>$HOME/scripts/</code><br><br />
<code>$HOME/log/</code><br />
<br />
= Check yo shit front to back =<br />
<br />
== Remount /tmp without noexec flag ==<br />
<code>mount -o remount,exec /tmp</code><br />
<br />
== tmux ==<br />
Move window to other pane:<br><br />
<nowiki>Ctrl + b<br />
:move-pane -t X</nowiki><br />
Move window to new pane:<br><br />
<code>Ctrl + b !</code><br />
<br />
== icinga2 ==<br />
Check available commands in Icinga Director / Commands.<br><br />
<br><br />
After editing monitoring parameters in ansible:<br><br />
<code>ansible-playbook -D playbooks/all.yml -t icinga2_agent:update-host</code><br />
<br />
== pfx/pem conversion ==<br />
# Extract the private key (you will be prompted to enter the PFX file password and to set a password for the private key)<br><br />
<code>openssl pkcs12 -in your_certificate.pfx -nocerts -out private_key.key</code><br><br />
<br><br />
# Extract the CRT certificate (you will be prompted to enter the PFX file password)<br><br />
<code>openssl pkcs12 -in your_certificate.pfx -clcerts -nokeys -out certificate.crt</code><br><br />
<br><br />
# (Optional) Remove the password from the private key (you will be prompted to enter the password set for the private key)<br><br />
<code>openssl rsa -in private_key.key -out private_key_nopass.key</code><br><br />
<br><br />
Encryption of private key can be checked with <code># cat private.key</code> (first line)<br />
<br><br />
Use argument <code>-legacy</code> for deprecated ciphers.<br><br />
<br />
== SFTP für Endkunden freischalten ==<br />
Find high port on mgmt01: <code>nft list ruleset | grep target_host_ip</code><br><br />
Horizon Security Group Rules (mgmt-ssh-forwarding), allow ingress from client_ip<br><br />
<br />
== openstack cli ==<br />
<code>export OS_CLOUD="name"</code><br />
<br />
== icinga2 host vars ==<br />
<code>host_vars/host_name/icinga2.yml</code><br><br />
<nowiki>icinga2_agent__host_vars:<br />
mailq:<br />
mailq_servertype: "sendmail"</nowiki></div>
Xbl
http://wiki.6bit.ch/index.php?title=Very_Windy&diff=332
Very Windy
2026-02-26T12:13:22Z
<p>Xbl: </p>
<hr />
<div>= lvm procedure =<br />
<nowiki>Die VM-Disk /dev/sda wurde vergrössert<br />
1. Ist Zustand prüfen<br />
lsblk<br />
2. Disk "sda" neu einlesen<br />
echo 1 > /sys/block/sda/device/rescan<br />
3. Partition vergrössern<br />
growpart /dev/sda 3<br />
4. PV überprüfen<br />
pvs<br />
4a. allenfalls physical volume vergrössern<br />
pvresize /dev/sda3<br />
5. VG überprüfen<br />
vgs<br />
6. LV vergrössern und Filesystem vergrössern<br />
lvresize -rL+50G /dev/mapper/system-docker<br />
lvextend -rl +100%FREE /dev/mapper/vm208-root</nowiki><br />
<br />
== git ==<br />
<code>git submodule update --init</code> Submodule laden<br><br />
<code>git submodule update --init --recursive</code> Submodule laden (rekursiv)<br><br />
<code>git submodule update --remote</code> Submodule laden (remote)<br><br />
<br><br />
<code>git submodule update</code> Submodule aktualisieren<br><br />
<br><br />
Append information after commit:<br><br />
<code>git commit --amend --author "Ueli Hans<hans.ueli@uelihans.ch>"</code><br />
<br />
== openssl ==<br />
Check CSR:<br><br />
<code>openssl req -in sample.csr -noout -text</code><br><br />
<br><br />
Bash to check private key against certificate (checkssl.sh):<br />
<nowiki>cn=files/reverseproxies/etc/haproxy/certs/www.sexybit.sh<br />
crt="${cn:?Common Name fuer Key und Cert nicht angegebe...}.crt"<br />
key="$cn.key"<br />
<br />
crtmd5=$( openssl x509 -noout -modulus -in "$crt" | openssl md5 ) ; \<br />
keymd5=$( openssl rsa -noout -modulus -in "$key" | openssl md5 ) ; \<br />
\<br />
echo "crt: $crtmd5" ; echo "key: $keymd5" ; printf "Dateien: \"$crt\" & \"$key\" -- " ; \<br />
[ "$crtmd5" = "$keymd5" ] && echo "passen zusammen :)" || echo "passen NICHT zusammen :("</nowiki><br />
<br />
== ansible ==<br />
<code>ansible-playbook -C -D playbooks/all.yml -u $USER -t nginx</code> -C (check, dry run), -D (diff, show differences) -u <remote user> -t <tags><br><br />
Tags let you run only specific tagged tasks in a playbook instead of executing everything. Multiple tags can be comma-separated.<br><br />
Tags can be skipped with <code>--skip-tags <tags></code><br><br />
Tasks tagged 'always' will run no matter what tags are selected.<br><br />
Tasks tagged 'never' only run if explicitly requested with <code>-t never</code><br><br />
<br />
== ln ==<br />
<code>ln -s ../files</code><br />
<br />
== curl ==<br />
<code>curl -vvv</code> verbose verbose verbose<br><br />
<code>curl -v --resolve windy.verywindy.ch:443:192.168.161.1 https://windy.verywindy.ch</code> check connection with hardcoded dns<br><br />
<code>curl -x sexybit.sh https://apod.nasa.gov</code> check connection with proxy<br><br />
<code>curl -L https://apod.nasa.gov</code> follow redirects<br />
<br />
== New Systems ==<br />
Size: 2CPU, 2G RAM, 40G Disk<br><br />
VG Name: system<br><br />
/: 10G<br><br />
Swap: 4G<br><br />
/var-log: 4G<br><br />
<br />
== IPTables / firewalld ==<br />
<nowiki><?xml version="1.0" encoding="utf-8"?><br />
<direct><br />
<rule ipv="ipv4" table="filter" chain="INPUT" priority="0">-p tcp --dport 22 -m state --state NEW,ESTABLISHED -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="INPUT" priority="1">-p tcp --dport 21022 -m state --state NEW,ESTABLISHED -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="INPUT" priority="5">-p icmp -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="INPUT" priority="8">-p udp --sport 53 -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="0">-p tcp --sport 22 -m state --state ESTABLISHED -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="1">-p tcp --sport 21022 -m state --state ESTABLISHED -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="5">-p icmp -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="6">-p udp --dport 53 -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="8">-p tcp --dport 80 -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="9">-p tcp --dport 443 -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="12">-p udp --dport 123 -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="56">-p tcp --dport 5665 -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="67">-p udp --dport 67:68 -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="69">-m state --state ESTABLISHED,RELATED -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="99">-j DROP</rule><br />
</direct></nowiki><br />
<br />
Show all direct rules (/etc/firewalld/direct.xml):<br><br />
<code>firewall-cmd --get-all-rules --direct</code><br />
<br />
== Clear root Password / disable root login ==<br />
-d --delete: delete user's password<br><br />
-l --lock: lock user's password<br><br />
<code># passwd -dl root</code><br />
<br />
== Start new git project ==<br />
Create blank repo without README.md<br><br />
Run ansible-init script (cs)<br><br />
<br />
== Monitoring ==<br />
icinga-Server verbindet sich zum Agent über Port 5665.<br><br />
Bei Wartungen Downtime erstellen.<br><br />
<br />
== Wartung ==<br />
Snapshots nach 1w löschen.<br />
<br />
== upremote ==<br />
<code>$HOME/scripts/</code><br><br />
<code>$HOME/log/</code><br />
<br />
= Check yo shit front to back =<br />
<br />
== Remount /tmp without noexec flag ==<br />
<code>mount -o remount,exec /tmp</code><br />
<br />
== tmux ==<br />
Move window to other pane:<br><br />
<nowiki>Ctrl + b<br />
:move-pane -t X</nowiki><br />
Move window to new pane:<br><br />
<code>Ctrl + b !</code><br />
<br />
== icinga2 ==<br />
Check available commands in Icinga Director / Commands.<br><br />
<br><br />
After editing monitoring parameters in ansible:<br><br />
<code>ansible-playbook -D playbooks/all.yml -t icinga2_agent:update-host</code><br />
<br />
== pfx/pem conversion ==<br />
# Extract the private key (you will be prompted to enter the PFX file password and to set a password for the private key)<br><br />
<code>openssl pkcs12 -in your_certificate.pfx -nocerts -out private_key.key</code><br><br />
<br><br />
# Extract the CRT certificate (you will be prompted to enter the PFX file password)<br><br />
<code>openssl pkcs12 -in your_certificate.pfx -clcerts -nokeys -out certificate.crt</code><br><br />
<br><br />
# (Optional) Remove the password from the private key (you will be prompted to enter the password set for the private key)<br><br />
<code>openssl rsa -in private_key.key -out private_key_nopass.key</code><br><br />
<br><br />
Encryption of private key can be checked with <code># cat private.key</code> (first line)<br />
<br><br />
Use argument <code>-legacy</code> for deprecated ciphers.<br><br />
<br />
== SFTP für Endkunden freischalten ==<br />
Find high port on mgmt01: <code>nft list ruleset | grep target_host_ip</code><br><br />
Horizon Security Group Rules (mgmt-ssh-forwarding), allow ingress from client_ip<br><br />
<br />
== openstack cli ==<br />
<code>export OS_CLOUD="name"</code></div>
Xbl
http://wiki.6bit.ch/index.php?title=Very_Windy&diff=331
Very Windy
2026-02-26T11:28:26Z
<p>Xbl: </p>
<hr />
<div>= lvm procedure =<br />
<nowiki>Die VM-Disk /dev/sda wurde vergrössert<br />
1. Ist Zustand prüfen<br />
lsblk<br />
2. Disk "sda" neu einlesen<br />
echo 1 > /sys/block/sda/device/rescan<br />
3. Partition vergrössern<br />
growpart /dev/sda 3<br />
4. PV überprüfen<br />
pvs<br />
4a. allenfalls physical volume vergrössern<br />
pvresize /dev/sda3<br />
5. VG überprüfen<br />
vgs<br />
6. LV vergrössern und Filesystem vergrössern<br />
lvresize -rL+50G /dev/mapper/system-docker<br />
lvextend -rl +100%FREE /dev/mapper/vm208-root</nowiki><br />
<br />
== git ==<br />
<code>git submodule update --init</code> Submodule laden<br><br />
<code>git submodule update --init --recursive</code> Submodule laden (rekursiv)<br><br />
<code>git submodule update --remote</code> Submodule laden (remote)<br><br />
<br><br />
<code>git submodule update</code> Submodule aktualisieren<br><br />
<br><br />
Append information after commit:<br><br />
<code>git commit --amend --author "Ueli Hans<hans.ueli@uelihans.ch>"</code><br />
<br />
== openssl ==<br />
Check CSR:<br><br />
<code>openssl req -in sample.csr -noout -text</code><br><br />
<br><br />
Bash to check private key against certificate (checkssl.sh):<br />
<nowiki>cn=files/reverseproxies/etc/haproxy/certs/www.sexybit.sh<br />
crt="${cn:?Common Name fuer Key und Cert nicht angegebe...}.crt"<br />
key="$cn.key"<br />
<br />
crtmd5=$( openssl x509 -noout -modulus -in "$crt" | openssl md5 ) ; \<br />
keymd5=$( openssl rsa -noout -modulus -in "$key" | openssl md5 ) ; \<br />
\<br />
echo "crt: $crtmd5" ; echo "key: $keymd5" ; printf "Dateien: \"$crt\" & \"$key\" -- " ; \<br />
[ "$crtmd5" = "$keymd5" ] && echo "passen zusammen :)" || echo "passen NICHT zusammen :("</nowiki><br />
<br />
== ansible ==<br />
<code>ansible-playbook -C -D playbooks/all.yml -u $USER -t nginx</code> -C (check, dry run), -D (diff, show differences) -u <remote user> -t <tags><br><br />
Tags let you run only specific tagged tasks in a playbook instead of executing everything. Multiple tags can be comma-separated.<br><br />
Tags can be skipped with <code>--skip-tags <tags></code><br><br />
Tasks tagged 'always' will run no matter what tags are selected.<br><br />
Tasks tagged 'never' only run if explicitly requested with <code>-t never</code><br><br />
<br />
== ln ==<br />
<code>ln -s ../files</code><br />
<br />
== curl ==<br />
<code>curl -vvv</code> verbose verbose verbose<br><br />
<code>curl -v --resolve windy.verywindy.ch:443:192.168.161.1 https://windy.verywindy.ch</code> check connection with hardcoded dns<br><br />
<code>curl -x sexybit.sh https://apod.nasa.gov</code> check connection with proxy<br><br />
<code>curl -L https://apod.nasa.gov</code> follow redirects<br />
<br />
== New Systems ==<br />
Size: 2CPU, 2G RAM, 40G Disk<br><br />
VG Name: system<br><br />
/: 10G<br><br />
Swap: 4G<br><br />
/var-log: 4G<br><br />
<br />
== IPTables / firewalld ==<br />
<nowiki><?xml version="1.0" encoding="utf-8"?><br />
<direct><br />
<rule ipv="ipv4" table="filter" chain="INPUT" priority="0">-p tcp --dport 22 -m state --state NEW,ESTABLISHED -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="INPUT" priority="1">-p tcp --dport 21022 -m state --state NEW,ESTABLISHED -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="INPUT" priority="5">-p icmp -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="INPUT" priority="8">-p udp --sport 53 -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="0">-p tcp --sport 22 -m state --state ESTABLISHED -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="1">-p tcp --sport 21022 -m state --state ESTABLISHED -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="5">-p icmp -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="6">-p udp --dport 53 -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="8">-p tcp --dport 80 -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="9">-p tcp --dport 443 -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="12">-p udp --dport 123 -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="56">-p tcp --dport 5665 -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="67">-p udp --dport 67:68 -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="69">-m state --state ESTABLISHED,RELATED -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="99">-j DROP</rule><br />
</direct></nowiki><br />
<br />
Show all direct rules (/etc/firewalld/direct.xml):<br><br />
<code>firewall-cmd --get-all-rules --direct</code><br />
<br />
== Clear root Password / disable root login ==<br />
-d --delete: delete user's password<br><br />
-l --lock: lock user's password<br><br />
<code># passwd -dl root</code><br />
<br />
== Start new git project ==<br />
Create blank repo without README.md<br><br />
Run ansible-init script (cs)<br><br />
<br />
== Monitoring ==<br />
icinga-Server verbindet sich zum Agent über Port 5665.<br><br />
Bei Wartungen Downtime erstellen.<br><br />
<br />
== Wartung ==<br />
Snapshots nach 1w löschen.<br />
<br />
== upremote ==<br />
<code>$HOME/scripts/</code><br><br />
<code>$HOME/log/</code><br />
<br />
= Check yo shit front to back =<br />
<br />
== Remount /tmp without noexec flag ==<br />
<code>mount -o remount,exec /tmp</code><br />
<br />
== tmux ==<br />
Move window to other pane:<br><br />
<nowiki>Ctrl + b<br />
:move-pane -t X</nowiki><br />
Move window to new pane:<br><br />
<code>Ctrl + b !</code><br />
<br />
== icinga2 ==<br />
Check available commands in Icinga Director / Commands.<br><br />
<br><br />
After editing monitoring parameters in ansible:<br><br />
<code>ansible-playbook -D playbooks/all.yml -t icinga2_agent:update-host</code><br />
<br />
== pfx/pem conversion ==<br />
# Extract the private key (you will be prompted to enter the PFX file password and to set a password for the private key)<br><br />
<code>openssl pkcs12 -in your_certificate.pfx -nocerts -out private_key.key</code><br><br />
<br><br />
# Extract the CRT certificate (you will be prompted to enter the PFX file password)<br><br />
<code>openssl pkcs12 -in your_certificate.pfx -clcerts -nokeys -out certificate.crt</code><br><br />
<br><br />
# (Optional) Remove the password from the private key (you will be prompted to enter the password set for the private key)<br><br />
<code>openssl rsa -in private_key.key -out private_key_nopass.key</code><br><br />
<br><br />
Encryption of private key can be checked with <code># cat private.key</code> (first line)<br />
<br><br />
Use argument <code>-legacy</code> for deprecated ciphers.<br><br />
<br />
<br />
== SFTP für Endkunden freischalten ==<br />
Find high port on mgmt01: <code>nft list ruleset | grep target_host_ip</code><br><br />
Horizon Security Group Rules (mgmt-ssh-forwarding), allow ingress from client_ip<br></div>
Xbl
http://wiki.6bit.ch/index.php?title=Very_Windy&diff=330
Very Windy
2026-02-26T10:18:22Z
<p>Xbl: </p>
<hr />
<div>= lvm procedure =<br />
<nowiki>Die VM-Disk /dev/sda wurde vergrössert<br />
1. Ist Zustand prüfen<br />
lsblk<br />
2. Disk "sda" neu einlesen<br />
echo 1 > /sys/block/sda/device/rescan<br />
3. Partition vergrössern<br />
growpart /dev/sda 3<br />
4. PV überprüfen<br />
pvs<br />
4a. allenfalls physical volume vergrössern<br />
pvresize /dev/sda3<br />
5. VG überprüfen<br />
vgs<br />
6. LV vergrössern und Filesystem vergrössern<br />
lvresize -rL+50G /dev/mapper/system-docker<br />
lvextend -rl +100%FREE /dev/mapper/vm208-root</nowiki><br />
<br />
== git ==<br />
<code>git submodule update --init</code> Submodule laden<br><br />
<code>git submodule update --init --recursive</code> Submodule laden (rekursiv)<br><br />
<code>git submodule update --remote</code> Submodule laden (remote)<br><br />
<br><br />
<code>git submodule update</code> Submodule aktualisieren<br><br />
<br><br />
Append information after commit:<br><br />
<code>git commit --amend --author "Ueli Hans<hans.ueli@uelihans.ch>"</code><br />
<br />
== openssl ==<br />
Check CSR:<br><br />
<code>openssl req -in sample.csr -noout -text</code><br><br />
<br><br />
Bash to check private key against certificate (checkssl.sh):<br />
<nowiki>cn=files/reverseproxies/etc/haproxy/certs/www.sexybit.sh<br />
crt="${cn:?Common Name fuer Key und Cert nicht angegebe...}.crt"<br />
key="$cn.key"<br />
<br />
crtmd5=$( openssl x509 -noout -modulus -in "$crt" | openssl md5 ) ; \<br />
keymd5=$( openssl rsa -noout -modulus -in "$key" | openssl md5 ) ; \<br />
\<br />
echo "crt: $crtmd5" ; echo "key: $keymd5" ; printf "Dateien: \"$crt\" & \"$key\" -- " ; \<br />
[ "$crtmd5" = "$keymd5" ] && echo "passen zusammen :)" || echo "passen NICHT zusammen :("</nowiki><br />
<br />
== ansible ==<br />
<code>ansible-playbook -C -D playbooks/all.yml -u $USER -t nginx</code> -C (check, dry run), -D (diff, show differences) -u <remote user> -t <tags><br><br />
Tags let you run only specific tagged tasks in a playbook instead of executing everything. Multiple tags can be comma-separated.<br><br />
Tags can be skipped with <code>--skip-tags <tags></code><br><br />
Tasks tagged 'always' will run no matter what tags are selected.<br><br />
Tasks tagged 'never' only run if explicitly requested with <code>-t never</code><br><br />
<br />
== ln ==<br />
<code>ln -s ../files</code><br />
<br />
== curl ==<br />
<code>curl -vvv</code> verbose verbose verbose<br><br />
<code>curl -v --resolve windy.verywindy.ch:443:192.168.161.1 https://windy.verywindy.ch</code> check connection with hardcoded dns<br><br />
<code>curl -x sexybit.sh https://apod.nasa.gov</code> check connection with proxy<br><br />
<code>curl -L https://apod.nasa.gov</code> follow redirects<br />
<br />
== New Systems ==<br />
Size: 2CPU, 2G RAM, 40G Disk<br><br />
VG Name: system<br><br />
/: 10G<br><br />
Swap: 4G<br><br />
/var-log: 4G<br><br />
<br />
== IPTables / firewalld ==<br />
<nowiki><?xml version="1.0" encoding="utf-8"?><br />
<direct><br />
<rule ipv="ipv4" table="filter" chain="INPUT" priority="0">-p tcp --dport 22 -m state --state NEW,ESTABLISHED -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="INPUT" priority="1">-p tcp --dport 21022 -m state --state NEW,ESTABLISHED -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="INPUT" priority="5">-p icmp -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="INPUT" priority="8">-p udp --sport 53 -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="0">-p tcp --sport 22 -m state --state ESTABLISHED -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="1">-p tcp --sport 21022 -m state --state ESTABLISHED -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="5">-p icmp -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="6">-p udp --dport 53 -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="8">-p tcp --dport 80 -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="9">-p tcp --dport 443 -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="12">-p udp --dport 123 -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="56">-p tcp --dport 5665 -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="67">-p udp --dport 67:68 -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="69">-m state --state ESTABLISHED,RELATED -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="99">-j DROP</rule><br />
</direct></nowiki><br />
<br />
Show all direct rules (/etc/firewalld/direct.xml):<br><br />
<code>firewall-cmd --get-all-rules --direct</code><br />
<br />
== Clear root Password / disable root login ==<br />
-d --delete: delete user's password<br><br />
-l --lock: lock user's password<br><br />
<code># passwd -dl root</code><br />
<br />
== Start new git project ==<br />
Create blank repo without README.md<br><br />
Run ansible-init script (cs)<br><br />
<br />
== Monitoring ==<br />
icinga-Server verbindet sich zum Agent über Port 5665.<br><br />
Bei Wartungen Downtime erstellen.<br><br />
<br />
== Wartung ==<br />
Snapshots nach 1w löschen.<br />
<br />
== upremote ==<br />
<code>$HOME/scripts/</code><br><br />
<code>$HOME/log/</code><br />
<br />
= Check yo shit front to back =<br />
<br />
== Remount /tmp without noexec flag ==<br />
<code>mount -o remount,exec /tmp</code><br />
<br />
== tmux ==<br />
Move window to other pane:<br><br />
<nowiki>Ctrl + b<br />
:move-pane -t X</nowiki><br />
Move window to new pane:<br><br />
<code>Ctrl + b !</code><br />
<br />
== icinga2 ==<br />
Check available commands in Icinga Director / Commands.<br><br />
<br><br />
After editing monitoring parameters in ansible:<br><br />
<code>ansible-playbook -D playbooks/all.yml -t icinga2_agent:update-host</code><br />
<br />
== pfx/pem conversion ==<br />
# Extract the private key (you will be prompted to enter the PFX file password and to set a password for the private key)<br><br />
<code>openssl pkcs12 -in your_certificate.pfx -nocerts -out private_key.key</code><br><br />
<br><br />
# Extract the CRT certificate (you will be prompted to enter the PFX file password)<br><br />
<code>openssl pkcs12 -in your_certificate.pfx -clcerts -nokeys -out certificate.crt</code><br><br />
<br><br />
# (Optional) Remove the password from the private key (you will be prompted to enter the password set for the private key)<br><br />
<code>openssl rsa -in private_key.key -out private_key_nopass.key</code><br><br />
<br><br />
Encryption of private key can be checked with <code># cat private.key</code> (first line)<br />
<br><br />
Use argument <code>-legacy</code> for deprecated ciphers.<br></div>
Xbl
http://wiki.6bit.ch/index.php?title=Very_Windy&diff=329
Very Windy
2026-02-26T10:16:34Z
<p>Xbl: Undo revision 328 by Xbl (talk)</p>
<hr />
<div>= lvm procedure =<br />
<nowiki>Die VM-Disk /dev/sda wurde vergrössert<br />
1. Ist Zustand prüfen<br />
lsblk<br />
2. Disk "sda" neu einlesen<br />
echo 1 > /sys/block/sda/device/rescan<br />
3. Partition vergrössern<br />
growpart /dev/sda 3<br />
4. PV überprüfen<br />
pvs<br />
4a. allenfalls physical volume vergrössern<br />
pvresize /dev/sda3<br />
5. VG überprüfen<br />
vgs<br />
6. LV vergrössern und Filesystem vergrössern<br />
lvresize -rL+50G /dev/mapper/system-docker<br />
lvextend -rl +100%FREE /dev/mapper/vm208-root</nowiki><br />
<br />
== git ==<br />
<code>git submodule update --init</code> Submodule laden<br><br />
<code>git submodule update --init --recursive</code> Submodule laden (rekursiv)<br><br />
<code>git submodule update --remote</code> Submodule laden (remote)<br><br />
<br><br />
<code>git submodule update</code> Submodule aktualisieren<br><br />
<br />
== openssl ==<br />
Check CSR:<br><br />
<code>openssl req -in sample.csr -noout -text</code><br><br />
<br><br />
Bash to check private key against certificate (checkssl.sh):<br />
<nowiki>cn=files/reverseproxies/etc/haproxy/certs/www.sexybit.sh<br />
crt="${cn:?Common Name fuer Key und Cert nicht angegebe...}.crt"<br />
key="$cn.key"<br />
<br />
crtmd5=$( openssl x509 -noout -modulus -in "$crt" | openssl md5 ) ; \<br />
keymd5=$( openssl rsa -noout -modulus -in "$key" | openssl md5 ) ; \<br />
\<br />
echo "crt: $crtmd5" ; echo "key: $keymd5" ; printf "Dateien: \"$crt\" & \"$key\" -- " ; \<br />
[ "$crtmd5" = "$keymd5" ] && echo "passen zusammen :)" || echo "passen NICHT zusammen :("</nowiki><br />
<br />
== ansible ==<br />
<code>ansible-playbook -C -D playbooks/all.yml -u $USER -t nginx</code> -C (check, dry run), -D (diff, show differences) -u <remote user> -t <tags><br><br />
Tags let you run only specific tagged tasks in a playbook instead of executing everything. Multiple tags can be comma-separated.<br><br />
Tags can be skipped with <code>--skip-tags <tags></code><br><br />
Tasks tagged 'always' will run no matter what tags are selected.<br><br />
Tasks tagged 'never' only run if explicitly requested with <code>-t never</code><br><br />
<br />
== ln ==<br />
<code>ln -s ../files</code><br />
<br />
== curl ==<br />
<code>curl -vvv</code> verbose verbose verbose<br><br />
<code>curl -v --resolve windy.verywindy.ch:443:192.168.161.1 https://windy.verywindy.ch</code> check connection with hardcoded dns<br><br />
<code>curl -x sexybit.sh https://apod.nasa.gov</code> check connection with proxy<br><br />
<code>curl -L https://apod.nasa.gov</code> follow redirects<br />
<br />
== New Systems ==<br />
Size: 2CPU, 2G RAM, 40G Disk<br><br />
VG Name: system<br><br />
/: 10G<br><br />
Swap: 4G<br><br />
/var-log: 4G<br><br />
<br />
== IPTables / firewalld ==<br />
<nowiki><?xml version="1.0" encoding="utf-8"?><br />
<direct><br />
<rule ipv="ipv4" table="filter" chain="INPUT" priority="0">-p tcp --dport 22 -m state --state NEW,ESTABLISHED -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="INPUT" priority="1">-p tcp --dport 21022 -m state --state NEW,ESTABLISHED -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="INPUT" priority="5">-p icmp -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="INPUT" priority="8">-p udp --sport 53 -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="0">-p tcp --sport 22 -m state --state ESTABLISHED -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="1">-p tcp --sport 21022 -m state --state ESTABLISHED -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="5">-p icmp -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="6">-p udp --dport 53 -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="8">-p tcp --dport 80 -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="9">-p tcp --dport 443 -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="12">-p udp --dport 123 -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="56">-p tcp --dport 5665 -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="67">-p udp --dport 67:68 -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="69">-m state --state ESTABLISHED,RELATED -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="99">-j DROP</rule><br />
</direct></nowiki><br />
<br />
Show all direct rules (/etc/firewalld/direct.xml):<br><br />
<code>firewall-cmd --get-all-rules --direct</code><br />
<br />
== Clear root Password / disable root login ==<br />
-d --delete: delete user's password<br><br />
-l --lock: lock user's password<br><br />
<code># passwd -dl root</code><br />
<br />
== Start new git project ==<br />
Create blank repo without README.md<br><br />
Run ansible-init script (cs)<br><br />
<br />
== Monitoring ==<br />
icinga-Server verbindet sich zum Agent über Port 5665.<br><br />
Bei Wartungen Downtime erstellen.<br><br />
<br />
== Wartung ==<br />
Snapshots nach 1w löschen.<br />
<br />
== upremote ==<br />
<code>$HOME/scripts/</code><br><br />
<code>$HOME/log/</code><br />
<br />
= Check yo shit front to back =<br />
<br />
== Remount /tmp without noexec flag ==<br />
<code>mount -o remount,exec /tmp</code><br />
<br />
== tmux ==<br />
Move window to other pane:<br><br />
<nowiki>Ctrl + b<br />
:move-pane -t X</nowiki><br />
Move window to new pane:<br><br />
<code>Ctrl + b !</code><br />
<br />
== icinga2 ==<br />
Check available commands in Icinga Director / Commands.<br><br />
<br><br />
After editing monitoring parameters in ansible:<br><br />
<code>ansible-playbook -D playbooks/all.yml -t icinga2_agent:update-host</code><br />
<br />
== pfx/pem conversion ==<br />
# Extract the private key (you will be prompted to enter the PFX file password and to set a password for the private key)<br><br />
<code>openssl pkcs12 -in your_certificate.pfx -nocerts -out private_key.key</code><br><br />
<br><br />
# Extract the CRT certificate (you will be prompted to enter the PFX file password)<br><br />
<code>openssl pkcs12 -in your_certificate.pfx -clcerts -nokeys -out certificate.crt</code><br><br />
<br><br />
# (Optional) Remove the password from the private key (you will be prompted to enter the password set for the private key)<br><br />
<code>openssl rsa -in private_key.key -out private_key_nopass.key</code><br><br />
<br><br />
Encryption of private key can be checked with <code># cat private.key</code> (first line)<br />
<br><br />
Use argument <code>-legacy</code> for deprecated ciphers.<br></div>
Xbl
http://wiki.6bit.ch/index.php?title=Very_Windy&diff=328
Very Windy
2026-02-26T10:14:21Z
<p>Xbl: </p>
<hr />
<div>= lvm procedure =<br />
<nowiki>Die VM-Disk /dev/sda wurde vergrössert<br />
1. Ist Zustand prüfen<br />
lsblk<br />
2. Disk "sda" neu einlesen<br />
echo 1 > /sys/block/sda/device/rescan<br />
3. Partition vergrössern<br />
growpart /dev/sda 3<br />
4. PV überprüfen<br />
pvs<br />
4a. allenfalls physical volume vergrössern<br />
pvresize /dev/sda3<br />
5. VG überprüfen<br />
vgs<br />
6. LV vergrössern und Filesystem vergrössern<br />
lvresize -rL+50G /dev/mapper/system-docker<br />
lvextend -rl +100%FREE /dev/mapper/vm208-root</nowiki><br />
<br />
== git ==<br />
<code>git submodule update --init</code> Submodule laden<br><br />
<code>git submodule update --init --recursive</code> Submodule laden (rekursiv)<br><br />
<code>git submodule update --remote</code> Submodule laden (remote)<br><br />
<br><br />
<code>git submodule update</code> Submodule aktualisieren<br><br />
<br />
Append information after commit:<br><br />
<code>git commit --amend --author "Lukas Wegmann<lukas.wegmann@everyware.ch>"</code><br />
<br />
== openssl ==<br />
Check CSR:<br><br />
<code>openssl req -in sample.csr -noout -text</code><br><br />
<br><br />
Bash to check private key against certificate (checkssl.sh):<br />
<nowiki>cn=files/reverseproxies/etc/haproxy/certs/www.sexybit.sh<br />
crt="${cn:?Common Name fuer Key und Cert nicht angegebe...}.crt"<br />
key="$cn.key"<br />
<br />
crtmd5=$( openssl x509 -noout -modulus -in "$crt" | openssl md5 ) ; \<br />
keymd5=$( openssl rsa -noout -modulus -in "$key" | openssl md5 ) ; \<br />
\<br />
echo "crt: $crtmd5" ; echo "key: $keymd5" ; printf "Dateien: \"$crt\" & \"$key\" -- " ; \<br />
[ "$crtmd5" = "$keymd5" ] && echo "passen zusammen :)" || echo "passen NICHT zusammen :("</nowiki><br />
<br />
== ansible ==<br />
<code>ansible-playbook -C -D playbooks/all.yml -u $USER -t nginx</code> -C (check, dry run), -D (diff, show differences) -u <remote user> -t <tags><br><br />
Tags let you run only specific tagged tasks in a playbook instead of executing everything. Multiple tags can be comma-separated.<br><br />
Tags can be skipped with <code>--skip-tags <tags></code><br><br />
Tasks tagged 'always' will run no matter what tags are selected.<br><br />
Tasks tagged 'never' only run if explicitly requested with <code>-t never</code><br><br />
<br />
== ln ==<br />
<code>ln -s ../files</code><br />
<br />
== curl ==<br />
<code>curl -vvv</code> verbose verbose verbose<br><br />
<code>curl -v --resolve windy.verywindy.ch:443:192.168.161.1 https://windy.verywindy.ch</code> check connection with hardcoded dns<br><br />
<code>curl -x sexybit.sh https://apod.nasa.gov</code> check connection with proxy<br><br />
<code>curl -L https://apod.nasa.gov</code> follow redirects<br />
<br />
== New Systems ==<br />
Size: 2CPU, 2G RAM, 40G Disk<br><br />
VG Name: system<br><br />
/: 10G<br><br />
Swap: 4G<br><br />
/var-log: 4G<br><br />
<br />
== IPTables / firewalld ==<br />
<nowiki><?xml version="1.0" encoding="utf-8"?><br />
<direct><br />
<rule ipv="ipv4" table="filter" chain="INPUT" priority="0">-p tcp --dport 22 -m state --state NEW,ESTABLISHED -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="INPUT" priority="1">-p tcp --dport 21022 -m state --state NEW,ESTABLISHED -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="INPUT" priority="5">-p icmp -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="INPUT" priority="8">-p udp --sport 53 -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="0">-p tcp --sport 22 -m state --state ESTABLISHED -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="1">-p tcp --sport 21022 -m state --state ESTABLISHED -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="5">-p icmp -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="6">-p udp --dport 53 -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="8">-p tcp --dport 80 -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="9">-p tcp --dport 443 -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="12">-p udp --dport 123 -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="56">-p tcp --dport 5665 -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="67">-p udp --dport 67:68 -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="69">-m state --state ESTABLISHED,RELATED -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="99">-j DROP</rule><br />
</direct></nowiki><br />
<br />
Show all direct rules (/etc/firewalld/direct.xml):<br><br />
<code>firewall-cmd --get-all-rules --direct</code><br />
<br />
== Clear root Password / disable root login ==<br />
-d --delete: delete user's password<br><br />
-l --lock: lock user's password<br><br />
<code># passwd -dl root</code><br />
<br />
== Start new git project ==<br />
Create blank repo without README.md<br><br />
Run ansible-init script (cs)<br><br />
<br />
== Monitoring ==<br />
icinga-Server verbindet sich zum Agent über Port 5665.<br><br />
Bei Wartungen Downtime erstellen.<br><br />
<br />
== Wartung ==<br />
Snapshots nach 1w löschen.<br />
<br />
== upremote ==<br />
<code>$HOME/scripts/</code><br><br />
<code>$HOME/log/</code><br />
<br />
= Check yo shit front to back =<br />
<br />
== Remount /tmp without noexec flag ==<br />
<code>mount -o remount,exec /tmp</code><br />
<br />
== tmux ==<br />
Move window to other pane:<br><br />
<nowiki>Ctrl + b<br />
:move-pane -t X</nowiki><br />
Move window to new pane:<br><br />
<code>Ctrl + b !</code><br />
<br />
== icinga2 ==<br />
Check available commands in Icinga Director / Commands.<br><br />
<br><br />
After editing monitoring parameters in ansible:<br><br />
<code>ansible-playbook -D playbooks/all.yml -t icinga2_agent:update-host</code><br />
<br />
== pfx/pem conversion ==<br />
# Extract the private key (you will be prompted to enter the PFX file password and to set a password for the private key)<br><br />
<code>openssl pkcs12 -in your_certificate.pfx -nocerts -out private_key.key</code><br><br />
<br><br />
# Extract the CRT certificate (you will be prompted to enter the PFX file password)<br><br />
<code>openssl pkcs12 -in your_certificate.pfx -clcerts -nokeys -out certificate.crt</code><br><br />
<br><br />
# (Optional) Remove the password from the private key (you will be prompted to enter the password set for the private key)<br><br />
<code>openssl rsa -in private_key.key -out private_key_nopass.key</code><br><br />
<br><br />
Encryption of private key can be checked with <code># cat private.key</code> (first line)<br />
<br><br />
Use argument <code>-legacy</code> for deprecated ciphers.<br></div>
Xbl
http://wiki.6bit.ch/index.php?title=Very_Windy&diff=327
Very Windy
2026-02-24T15:07:43Z
<p>Xbl: </p>
<hr />
<div>= lvm procedure =<br />
<nowiki>Die VM-Disk /dev/sda wurde vergrössert<br />
1. Ist Zustand prüfen<br />
lsblk<br />
2. Disk "sda" neu einlesen<br />
echo 1 > /sys/block/sda/device/rescan<br />
3. Partition vergrössern<br />
growpart /dev/sda 3<br />
4. PV überprüfen<br />
pvs<br />
4a. allenfalls physical volume vergrössern<br />
pvresize /dev/sda3<br />
5. VG überprüfen<br />
vgs<br />
6. LV vergrössern und Filesystem vergrössern<br />
lvresize -rL+50G /dev/mapper/system-docker<br />
lvextend -rl +100%FREE /dev/mapper/vm208-root</nowiki><br />
<br />
== git ==<br />
<code>git submodule update --init</code> Submodule laden<br><br />
<code>git submodule update --init --recursive</code> Submodule laden (rekursiv)<br><br />
<code>git submodule update --remote</code> Submodule laden (remote)<br><br />
<br><br />
<code>git submodule update</code> Submodule aktualisieren<br><br />
<br />
== openssl ==<br />
Check CSR:<br><br />
<code>openssl req -in sample.csr -noout -text</code><br><br />
<br><br />
Bash to check private key against certificate (checkssl.sh):<br />
<nowiki>cn=files/reverseproxies/etc/haproxy/certs/www.sexybit.sh<br />
crt="${cn:?Common Name fuer Key und Cert nicht angegebe...}.crt"<br />
key="$cn.key"<br />
<br />
crtmd5=$( openssl x509 -noout -modulus -in "$crt" | openssl md5 ) ; \<br />
keymd5=$( openssl rsa -noout -modulus -in "$key" | openssl md5 ) ; \<br />
\<br />
echo "crt: $crtmd5" ; echo "key: $keymd5" ; printf "Dateien: \"$crt\" & \"$key\" -- " ; \<br />
[ "$crtmd5" = "$keymd5" ] && echo "passen zusammen :)" || echo "passen NICHT zusammen :("</nowiki><br />
<br />
== ansible ==<br />
<code>ansible-playbook -C -D playbooks/all.yml -u $USER -t nginx</code> -C (check, dry run), -D (diff, show differences) -u <remote user> -t <tags><br><br />
Tags let you run only specific tagged tasks in a playbook instead of executing everything. Multiple tags can be comma-separated.<br><br />
Tags can be skipped with <code>--skip-tags <tags></code><br><br />
Tasks tagged 'always' will run no matter what tags are selected.<br><br />
Tasks tagged 'never' only run if explicitly requested with <code>-t never</code><br><br />
<br />
== ln ==<br />
<code>ln -s ../files</code><br />
<br />
== curl ==<br />
<code>curl -vvv</code> verbose verbose verbose<br><br />
<code>curl -v --resolve windy.verywindy.ch:443:192.168.161.1 https://windy.verywindy.ch</code> check connection with hardcoded dns<br><br />
<code>curl -x sexybit.sh https://apod.nasa.gov</code> check connection with proxy<br><br />
<code>curl -L https://apod.nasa.gov</code> follow redirects<br />
<br />
== New Systems ==<br />
Size: 2CPU, 2G RAM, 40G Disk<br><br />
VG Name: system<br><br />
/: 10G<br><br />
Swap: 4G<br><br />
/var-log: 4G<br><br />
<br />
== IPTables / firewalld ==<br />
<nowiki><?xml version="1.0" encoding="utf-8"?><br />
<direct><br />
<rule ipv="ipv4" table="filter" chain="INPUT" priority="0">-p tcp --dport 22 -m state --state NEW,ESTABLISHED -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="INPUT" priority="1">-p tcp --dport 21022 -m state --state NEW,ESTABLISHED -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="INPUT" priority="5">-p icmp -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="INPUT" priority="8">-p udp --sport 53 -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="0">-p tcp --sport 22 -m state --state ESTABLISHED -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="1">-p tcp --sport 21022 -m state --state ESTABLISHED -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="5">-p icmp -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="6">-p udp --dport 53 -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="8">-p tcp --dport 80 -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="9">-p tcp --dport 443 -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="12">-p udp --dport 123 -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="56">-p tcp --dport 5665 -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="67">-p udp --dport 67:68 -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="69">-m state --state ESTABLISHED,RELATED -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="99">-j DROP</rule><br />
</direct></nowiki><br />
<br />
Show all direct rules (/etc/firewalld/direct.xml):<br><br />
<code>firewall-cmd --get-all-rules --direct</code><br />
<br />
== Clear root Password / disable root login ==<br />
-d --delete: delete user's password<br><br />
-l --lock: lock user's password<br><br />
<code># passwd -dl root</code><br />
<br />
== Start new git project ==<br />
Create blank repo without README.md<br><br />
Run ansible-init script (cs)<br><br />
<br />
== Monitoring ==<br />
icinga-Server verbindet sich zum Agent über Port 5665.<br><br />
Bei Wartungen Downtime erstellen.<br><br />
<br />
== Wartung ==<br />
Snapshots nach 1w löschen.<br />
<br />
== upremote ==<br />
<code>$HOME/scripts/</code><br><br />
<code>$HOME/log/</code><br />
<br />
= Check yo shit front to back =<br />
<br />
== Remount /tmp without noexec flag ==<br />
<code>mount -o remount,exec /tmp</code><br />
<br />
== tmux ==<br />
Move window to other pane:<br><br />
<nowiki>Ctrl + b<br />
:move-pane -t X</nowiki><br />
Move window to new pane:<br><br />
<code>Ctrl + b !</code><br />
<br />
== icinga2 ==<br />
Check available commands in Icinga Director / Commands.<br><br />
<br><br />
After editing monitoring parameters in ansible:<br><br />
<code>ansible-playbook -D playbooks/all.yml -t icinga2_agent:update-host</code><br />
<br />
== pfx/pem conversion ==<br />
# Extract the private key (you will be prompted to enter the PFX file password and to set a password for the private key)<br><br />
<code>openssl pkcs12 -in your_certificate.pfx -nocerts -out private_key.key</code><br><br />
<br><br />
# Extract the CRT certificate (you will be prompted to enter the PFX file password)<br><br />
<code>openssl pkcs12 -in your_certificate.pfx -clcerts -nokeys -out certificate.crt</code><br><br />
<br><br />
# (Optional) Remove the password from the private key (you will be prompted to enter the password set for the private key)<br><br />
<code>openssl rsa -in private_key.key -out private_key_nopass.key</code><br><br />
<br><br />
Encryption of private key can be checked with <code># cat private.key</code> (first line)<br />
<br><br />
Use argument <code>-legacy</code> for deprecated ciphers.<br></div>
Xbl
http://wiki.6bit.ch/index.php?title=Very_Windy&diff=326
Very Windy
2026-02-24T15:06:48Z
<p>Xbl: /* openssl */</p>
<hr />
<div>= lvm procedure =<br />
<nowiki>Die VM-Disk /dev/sda wurde vergrössert<br />
1. Ist Zustand prüfen<br />
lsblk<br />
2. Disk "sda" neu einlesen<br />
echo 1 > /sys/block/sda/device/rescan<br />
3. Partition vergrössern<br />
growpart /dev/sda 3<br />
4. PV überprüfen<br />
pvs<br />
4a. allenfalls physical volume vergrössern<br />
pvresize /dev/sda3<br />
5. VG überprüfen<br />
vgs<br />
6. LV vergrössern und Filesystem vergrössern<br />
lvresize -rL+50G /dev/mapper/system-docker<br />
lvextend -rl +100%FREE /dev/mapper/vm208-root</nowiki><br />
<br />
== git ==<br />
<code>git submodule update --init</code> Submodule laden<br><br />
<code>git submodule update --init --recursive</code> Submodule laden (rekursiv)<br><br />
<code>git submodule update --remote</code> Submodule laden (remote)<br><br />
<br><br />
<code>git submodule update</code> Submodule aktualisieren<br><br />
<br />
== openssl ==<br />
Check CSR:<br><br />
<code>openssl req -in sample.csr -noout -text</code><br><br />
<br><br />
Bash to check private key against certificate (checkssl.sh):<br />
<nowiki>cn=files/reverseproxies/etc/haproxy/certs/www.sexybit.sh<br />
crt="${cn:?Common Name fuer Key und Cert nicht angegebe...}.crt"<br />
key="$cn.key"<br />
<br />
crtmd5=$( openssl x509 -noout -modulus -in "$crt" | openssl md5 ) ; \<br />
keymd5=$( openssl rsa -noout -modulus -in "$key" | openssl md5 ) ; \<br />
\<br />
echo "crt: $crtmd5" ; echo "key: $keymd5" ; printf "Dateien: \"$crt\" & \"$key\" -- " ; \<br />
[ "$crtmd5" = "$keymd5" ] && echo "passen zusammen :)" || echo "passen NICHT zusammen :("</nowiki><br />
<br><br />
Use argument <code>-legacy</code> for deprecated ciphers.<br><br />
<br />
== ansible ==<br />
<code>ansible-playbook -C -D playbooks/all.yml -u $USER -t nginx</code> -C (check, dry run), -D (diff, show differences) -u <remote user> -t <tags><br><br />
Tags let you run only specific tagged tasks in a playbook instead of executing everything. Multiple tags can be comma-separated.<br><br />
Tags can be skipped with <code>--skip-tags <tags></code><br><br />
Tasks tagged 'always' will run no matter what tags are selected.<br><br />
Tasks tagged 'never' only run if explicitly requested with <code>-t never</code><br><br />
<br />
== ln ==<br />
<code>ln -s ../files</code><br />
<br />
== curl ==<br />
<code>curl -vvv</code> verbose verbose verbose<br><br />
<code>curl -v --resolve windy.verywindy.ch:443:192.168.161.1 https://windy.verywindy.ch</code> check connection with hardcoded dns<br><br />
<code>curl -x sexybit.sh https://apod.nasa.gov</code> check connection with proxy<br><br />
<code>curl -L https://apod.nasa.gov</code> follow redirects<br />
<br />
== New Systems ==<br />
Size: 2CPU, 2G RAM, 40G Disk<br><br />
VG Name: system<br><br />
/: 10G<br><br />
Swap: 4G<br><br />
/var-log: 4G<br><br />
<br />
== IPTables / firewalld ==<br />
<nowiki><?xml version="1.0" encoding="utf-8"?><br />
<direct><br />
<rule ipv="ipv4" table="filter" chain="INPUT" priority="0">-p tcp --dport 22 -m state --state NEW,ESTABLISHED -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="INPUT" priority="1">-p tcp --dport 21022 -m state --state NEW,ESTABLISHED -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="INPUT" priority="5">-p icmp -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="INPUT" priority="8">-p udp --sport 53 -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="0">-p tcp --sport 22 -m state --state ESTABLISHED -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="1">-p tcp --sport 21022 -m state --state ESTABLISHED -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="5">-p icmp -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="6">-p udp --dport 53 -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="8">-p tcp --dport 80 -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="9">-p tcp --dport 443 -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="12">-p udp --dport 123 -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="56">-p tcp --dport 5665 -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="67">-p udp --dport 67:68 -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="69">-m state --state ESTABLISHED,RELATED -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="99">-j DROP</rule><br />
</direct></nowiki><br />
<br />
Show all direct rules (/etc/firewalld/direct.xml):<br><br />
<code>firewall-cmd --get-all-rules --direct</code><br />
<br />
== Clear root Password / disable root login ==<br />
-d --delete: delete user's password<br><br />
-l --lock: lock user's password<br><br />
<code># passwd -dl root</code><br />
<br />
== Start new git project ==<br />
Create blank repo without README.md<br><br />
Run ansible-init script (cs)<br><br />
<br />
== Monitoring ==<br />
icinga-Server verbindet sich zum Agent über Port 5665.<br><br />
Bei Wartungen Downtime erstellen.<br><br />
<br />
== Wartung ==<br />
Snapshots nach 1w löschen.<br />
<br />
== upremote ==<br />
<code>$HOME/scripts/</code><br><br />
<code>$HOME/log/</code><br />
<br />
= Check yo shit front to back =<br />
<br />
== Remount /tmp without noexec flag ==<br />
<code>mount -o remount,exec /tmp</code><br />
<br />
== tmux ==<br />
Move window to other pane:<br><br />
<nowiki>Ctrl + b<br />
:move-pane -t X</nowiki><br />
Move window to new pane:<br><br />
<code>Ctrl + b !</code><br />
<br />
== icinga2 ==<br />
Check available commands in Icinga Director / Commands.<br><br />
<br><br />
After editing monitoring parameters in ansible:<br><br />
<code>ansible-playbook -D playbooks/all.yml -t icinga2_agent:update-host</code><br />
<br />
== pfx/pem conversion ==<br />
# Extract the private key (you will be prompted to enter the PFX file password and to set a password for the private key)<br><br />
<code>openssl pkcs12 -in your_certificate.pfx -nocerts -out private_key.key</code><br><br />
<br><br />
# Extract the CRT certificate (you will be prompted to enter the PFX file password)<br><br />
<code>openssl pkcs12 -in your_certificate.pfx -clcerts -nokeys -out certificate.crt</code><br><br />
<br><br />
# (Optional) Remove the password from the private key (you will be prompted to enter the password set for the private key)<br><br />
<code>openssl rsa -in private_key.key -out private_key_nopass.key</code><br><br />
<br><br />
Encryption of private key can be checked with <code># cat private.key</code> (first line)</div>
Xbl
http://wiki.6bit.ch/index.php?title=Very_Windy&diff=325
Very Windy
2026-02-23T14:02:38Z
<p>Xbl: /* git */</p>
<hr />
<div>= lvm procedure =<br />
<nowiki>Die VM-Disk /dev/sda wurde vergrössert<br />
1. Ist Zustand prüfen<br />
lsblk<br />
2. Disk "sda" neu einlesen<br />
echo 1 > /sys/block/sda/device/rescan<br />
3. Partition vergrössern<br />
growpart /dev/sda 3<br />
4. PV überprüfen<br />
pvs<br />
4a. allenfalls physical volume vergrössern<br />
pvresize /dev/sda3<br />
5. VG überprüfen<br />
vgs<br />
6. LV vergrössern und Filesystem vergrössern<br />
lvresize -rL+50G /dev/mapper/system-docker<br />
lvextend -rl +100%FREE /dev/mapper/vm208-root</nowiki><br />
<br />
== git ==<br />
<code>git submodule update --init</code> Submodule laden<br><br />
<code>git submodule update --init --recursive</code> Submodule laden (rekursiv)<br><br />
<code>git submodule update --remote</code> Submodule laden (remote)<br><br />
<br><br />
<code>git submodule update</code> Submodule aktualisieren<br><br />
<br />
== openssl ==<br />
Check CSR:<br><br />
<code>openssl req -in sample.csr -noout -text</code><br><br />
<br><br />
Bash to check private key against certificate (checkssl.sh):<br />
<nowiki>cn=files/reverseproxies/etc/haproxy/certs/www.sexybit.sh<br />
crt="${cn:?Common Name fuer Key und Cert nicht angegebe...}.crt"<br />
key="$cn.key"<br />
<br />
crtmd5=$( openssl x509 -noout -modulus -in "$crt" | openssl md5 ) ; \<br />
keymd5=$( openssl rsa -noout -modulus -in "$key" | openssl md5 ) ; \<br />
\<br />
echo "crt: $crtmd5" ; echo "key: $keymd5" ; printf "Dateien: \"$crt\" & \"$key\" -- " ; \<br />
[ "$crtmd5" = "$keymd5" ] && echo "passen zusammen :)" || echo "passen NICHT zusammen :("<br />
</nowiki><br />
<br />
== ansible ==<br />
<code>ansible-playbook -C -D playbooks/all.yml -u $USER -t nginx</code> -C (check, dry run), -D (diff, show differences) -u <remote user> -t <tags><br><br />
Tags let you run only specific tagged tasks in a playbook instead of executing everything. Multiple tags can be comma-separated.<br><br />
Tags can be skipped with <code>--skip-tags <tags></code><br><br />
Tasks tagged 'always' will run no matter what tags are selected.<br><br />
Tasks tagged 'never' only run if explicitly requested with <code>-t never</code><br><br />
<br />
== ln ==<br />
<code>ln -s ../files</code><br />
<br />
== curl ==<br />
<code>curl -vvv</code> verbose verbose verbose<br><br />
<code>curl -v --resolve windy.verywindy.ch:443:192.168.161.1 https://windy.verywindy.ch</code> check connection with hardcoded dns<br><br />
<code>curl -x sexybit.sh https://apod.nasa.gov</code> check connection with proxy<br><br />
<code>curl -L https://apod.nasa.gov</code> follow redirects<br />
<br />
== New Systems ==<br />
Size: 2CPU, 2G RAM, 40G Disk<br><br />
VG Name: system<br><br />
/: 10G<br><br />
Swap: 4G<br><br />
/var-log: 4G<br><br />
<br />
== IPTables / firewalld ==<br />
<nowiki><?xml version="1.0" encoding="utf-8"?><br />
<direct><br />
<rule ipv="ipv4" table="filter" chain="INPUT" priority="0">-p tcp --dport 22 -m state --state NEW,ESTABLISHED -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="INPUT" priority="1">-p tcp --dport 21022 -m state --state NEW,ESTABLISHED -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="INPUT" priority="5">-p icmp -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="INPUT" priority="8">-p udp --sport 53 -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="0">-p tcp --sport 22 -m state --state ESTABLISHED -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="1">-p tcp --sport 21022 -m state --state ESTABLISHED -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="5">-p icmp -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="6">-p udp --dport 53 -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="8">-p tcp --dport 80 -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="9">-p tcp --dport 443 -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="12">-p udp --dport 123 -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="56">-p tcp --dport 5665 -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="67">-p udp --dport 67:68 -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="69">-m state --state ESTABLISHED,RELATED -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="99">-j DROP</rule><br />
</direct></nowiki><br />
<br />
Show all direct rules (/etc/firewalld/direct.xml):<br><br />
<code>firewall-cmd --get-all-rules --direct</code><br />
<br />
== Clear root Password / disable root login ==<br />
-d --delete: delete user's password<br><br />
-l --lock: lock user's password<br><br />
<code># passwd -dl root</code><br />
<br />
== Start new git project ==<br />
Create blank repo without README.md<br><br />
Run ansible-init script (cs)<br><br />
<br />
== Monitoring ==<br />
icinga-Server verbindet sich zum Agent über Port 5665.<br><br />
Bei Wartungen Downtime erstellen.<br><br />
<br />
== Wartung ==<br />
Snapshots nach 1w löschen.<br />
<br />
== upremote ==<br />
<code>$HOME/scripts/</code><br><br />
<code>$HOME/log/</code><br />
<br />
= Check yo shit front to back =<br />
<br />
== Remount /tmp without noexec flag ==<br />
<code>mount -o remount,exec /tmp</code><br />
<br />
== tmux ==<br />
Move window to other pane:<br><br />
<nowiki>Ctrl + b<br />
:move-pane -t X</nowiki><br />
Move window to new pane:<br><br />
<code>Ctrl + b !</code><br />
<br />
== icinga2 ==<br />
Check available commands in Icinga Director / Commands.<br><br />
<br><br />
After editing monitoring parameters in ansible:<br><br />
<code>ansible-playbook -D playbooks/all.yml -t icinga2_agent:update-host</code><br />
<br />
== pfx/pem conversion ==<br />
# Extract the private key (you will be prompted to enter the PFX file password and to set a password for the private key)<br><br />
<code>openssl pkcs12 -in your_certificate.pfx -nocerts -out private_key.key</code><br><br />
<br><br />
# Extract the CRT certificate (you will be prompted to enter the PFX file password)<br><br />
<code>openssl pkcs12 -in your_certificate.pfx -clcerts -nokeys -out certificate.crt</code><br><br />
<br><br />
# (Optional) Remove the password from the private key (you will be prompted to enter the password set for the private key)<br><br />
<code>openssl rsa -in private_key.key -out private_key_nopass.key</code><br><br />
<br><br />
Encryption of private key can be checked with <code># cat private.key</code> (first line)</div>
Xbl
http://wiki.6bit.ch/index.php?title=Very_Windy&diff=324
Very Windy
2026-02-23T12:56:55Z
<p>Xbl: </p>
<hr />
<div>= lvm procedure =<br />
<nowiki>Die VM-Disk /dev/sda wurde vergrössert<br />
1. Ist Zustand prüfen<br />
lsblk<br />
2. Disk "sda" neu einlesen<br />
echo 1 > /sys/block/sda/device/rescan<br />
3. Partition vergrössern<br />
growpart /dev/sda 3<br />
4. PV überprüfen<br />
pvs<br />
4a. allenfalls physical volume vergrössern<br />
pvresize /dev/sda3<br />
5. VG überprüfen<br />
vgs<br />
6. LV vergrössern und Filesystem vergrössern<br />
lvresize -rL+50G /dev/mapper/system-docker<br />
lvextend -rl +100%FREE /dev/mapper/vm208-root</nowiki><br />
<br />
== git ==<br />
<code>git submodule update --init</code> Submodule laden<br><br />
<code>git submodule update --init --recursive</code> Submodule laden<br><br />
<code>git submodule update --remote</code> Submodule aktualisieren<br><br />
<br />
== openssl ==<br />
Check CSR:<br><br />
<code>openssl req -in sample.csr -noout -text</code><br><br />
<br><br />
Bash to check private key against certificate (checkssl.sh):<br />
<nowiki>cn=files/reverseproxies/etc/haproxy/certs/www.sexybit.sh<br />
crt="${cn:?Common Name fuer Key und Cert nicht angegebe...}.crt"<br />
key="$cn.key"<br />
<br />
crtmd5=$( openssl x509 -noout -modulus -in "$crt" | openssl md5 ) ; \<br />
keymd5=$( openssl rsa -noout -modulus -in "$key" | openssl md5 ) ; \<br />
\<br />
echo "crt: $crtmd5" ; echo "key: $keymd5" ; printf "Dateien: \"$crt\" & \"$key\" -- " ; \<br />
[ "$crtmd5" = "$keymd5" ] && echo "passen zusammen :)" || echo "passen NICHT zusammen :("<br />
</nowiki><br />
<br />
== ansible ==<br />
<code>ansible-playbook -C -D playbooks/all.yml -u $USER -t nginx</code> -C (check, dry run), -D (diff, show differences) -u <remote user> -t <tags><br><br />
Tags let you run only specific tagged tasks in a playbook instead of executing everything. Multiple tags can be comma-separated.<br><br />
Tags can be skipped with <code>--skip-tags <tags></code><br><br />
Tasks tagged 'always' will run no matter what tags are selected.<br><br />
Tasks tagged 'never' only run if explicitly requested with <code>-t never</code><br><br />
<br />
== ln ==<br />
<code>ln -s ../files</code><br />
<br />
== curl ==<br />
<code>curl -vvv</code> verbose verbose verbose<br><br />
<code>curl -v --resolve windy.verywindy.ch:443:192.168.161.1 https://windy.verywindy.ch</code> check connection with hardcoded dns<br><br />
<code>curl -x sexybit.sh https://apod.nasa.gov</code> check connection with proxy<br><br />
<code>curl -L https://apod.nasa.gov</code> follow redirects<br />
<br />
== New Systems ==<br />
Size: 2CPU, 2G RAM, 40G Disk<br><br />
VG Name: system<br><br />
/: 10G<br><br />
Swap: 4G<br><br />
/var-log: 4G<br><br />
<br />
== IPTables / firewalld ==<br />
<nowiki><?xml version="1.0" encoding="utf-8"?><br />
<direct><br />
<rule ipv="ipv4" table="filter" chain="INPUT" priority="0">-p tcp --dport 22 -m state --state NEW,ESTABLISHED -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="INPUT" priority="1">-p tcp --dport 21022 -m state --state NEW,ESTABLISHED -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="INPUT" priority="5">-p icmp -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="INPUT" priority="8">-p udp --sport 53 -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="0">-p tcp --sport 22 -m state --state ESTABLISHED -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="1">-p tcp --sport 21022 -m state --state ESTABLISHED -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="5">-p icmp -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="6">-p udp --dport 53 -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="8">-p tcp --dport 80 -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="9">-p tcp --dport 443 -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="12">-p udp --dport 123 -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="56">-p tcp --dport 5665 -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="67">-p udp --dport 67:68 -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="69">-m state --state ESTABLISHED,RELATED -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="99">-j DROP</rule><br />
</direct></nowiki><br />
<br />
Show all direct rules (/etc/firewalld/direct.xml):<br><br />
<code>firewall-cmd --get-all-rules --direct</code><br />
<br />
== Clear root Password / disable root login ==<br />
-d --delete: delete user's password<br><br />
-l --lock: lock user's password<br><br />
<code># passwd -dl root</code><br />
<br />
== Start new git project ==<br />
Create blank repo without README.md<br><br />
Run ansible-init script (cs)<br><br />
<br />
== Monitoring ==<br />
icinga-Server verbindet sich zum Agent über Port 5665.<br><br />
Bei Wartungen Downtime erstellen.<br><br />
<br />
== Wartung ==<br />
Snapshots nach 1w löschen.<br />
<br />
== upremote ==<br />
<code>$HOME/scripts/</code><br><br />
<code>$HOME/log/</code><br />
<br />
= Check yo shit front to back =<br />
<br />
== Remount /tmp without noexec flag ==<br />
<code>mount -o remount,exec /tmp</code><br />
<br />
== tmux ==<br />
Move window to other pane:<br><br />
<nowiki>Ctrl + b<br />
:move-pane -t X</nowiki><br />
Move window to new pane:<br><br />
<code>Ctrl + b !</code><br />
<br />
== icinga2 ==<br />
Check available commands in Icinga Director / Commands.<br><br />
<br><br />
After editing monitoring parameters in ansible:<br><br />
<code>ansible-playbook -D playbooks/all.yml -t icinga2_agent:update-host</code><br />
<br />
== pfx/pem conversion ==<br />
# Extract the private key (you will be prompted to enter the PFX file password and to set a password for the private key)<br><br />
<code>openssl pkcs12 -in your_certificate.pfx -nocerts -out private_key.key</code><br><br />
<br><br />
# Extract the CRT certificate (you will be prompted to enter the PFX file password)<br><br />
<code>openssl pkcs12 -in your_certificate.pfx -clcerts -nokeys -out certificate.crt</code><br><br />
<br><br />
# (Optional) Remove the password from the private key (you will be prompted to enter the password set for the private key)<br><br />
<code>openssl rsa -in private_key.key -out private_key_nopass.key</code><br><br />
<br><br />
Encryption of private key can be checked with <code># cat private.key</code> (first line)</div>
Xbl
http://wiki.6bit.ch/index.php?title=Very_Windy&diff=323
Very Windy
2026-02-23T11:45:57Z
<p>Xbl: </p>
<hr />
<div>= lvm procedure =<br />
<nowiki>Die VM-Disk /dev/sda wurde vergrössert<br />
1. Ist Zustand prüfen<br />
lsblk<br />
2. Disk "sda" neu einlesen<br />
echo 1 > /sys/block/sda/device/rescan<br />
3. Partition vergrössern<br />
growpart /dev/sda 3<br />
4. PV überprüfen<br />
pvs<br />
4a. allenfalls physical volume vergrössern<br />
pvresize /dev/sda3<br />
5. VG überprüfen<br />
vgs<br />
6. LV vergrössern und Filesystem vergrössern<br />
lvresize -rL+50G /dev/mapper/system-docker<br />
lvextend -rl +100%FREE /dev/mapper/vm208-root</nowiki><br />
<br />
== git ==<br />
<code>git submodule update --init</code> Submodule laden<br><br />
<code>git submodule update --init --recursive</code> Submodule laden<br><br />
<code>git submodule update --remote</code> Submodule aktualisieren<br><br />
<br />
== openssl ==<br />
Check CSR:<br><br />
<code>openssl req -in sample.csr -noout -text</code><br><br />
<br><br />
Bash to check private key against certificate (checkssl.sh):<br />
<nowiki>cn=files/reverseproxies/etc/haproxy/certs/www.sexybit.sh<br />
crt="${cn:?Common Name fuer Key und Cert nicht angegebe...}.crt"<br />
key="$cn.key"<br />
<br />
crtmd5=$( openssl x509 -noout -modulus -in "$crt" | openssl md5 ) ; \<br />
keymd5=$( openssl rsa -noout -modulus -in "$key" | openssl md5 ) ; \<br />
\<br />
echo "crt: $crtmd5" ; echo "key: $keymd5" ; printf "Dateien: \"$crt\" & \"$key\" -- " ; \<br />
[ "$crtmd5" = "$keymd5" ] && echo "passen zusammen :)" || echo "passen NICHT zusammen :("<br />
</nowiki><br />
<br />
== ansible ==<br />
<code>ansible-playbook -C -D playbooks/all.yml -u $USER -t nginx</code> -C (check, dry run), -D (diff, show differences) -u <remote user> -t <tags><br><br />
Tags let you run only specific tagged tasks in a playbook instead of executing everything. Multiple tags can be comma-separated.<br><br />
Tags can be skipped with <code>--skip-tags <tags></code><br><br />
Tasks tagged 'always' will run no matter what tags are selected.<br><br />
Tasks tagged 'never' only run if explicitly requested with <code>-t never</code><br><br />
<br />
== ln ==<br />
<code>ln -s ../files</code><br />
<br />
== curl ==<br />
<code>curl -vvv</code> verbose verbose verbose<br><br />
<code>curl -v --resolve windy.verywindy.ch:443:192.168.161.1 https://windy.verywindy.ch</code> check connection with hardcoded dns<br><br />
<code>curl -x sexybit.sh https://apod.nasa.gov</code> check connection with proxy<br><br />
<code>curl -L https://apod.nasa.gov</code> follow redirects<br />
<br />
== New Systems ==<br />
Size: 2CPU, 2G RAM, 40G Disk<br><br />
VG Name: system<br><br />
/: 10G<br><br />
Swap: 4G<br><br />
/var-log: 4G<br><br />
<br />
== IPTables / firewalld ==<br />
<nowiki><?xml version="1.0" encoding="utf-8"?><br />
<direct><br />
<rule ipv="ipv4" table="filter" chain="INPUT" priority="0">-p tcp --dport 22 -m state --state NEW,ESTABLISHED -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="INPUT" priority="1">-p tcp --dport 21022 -m state --state NEW,ESTABLISHED -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="INPUT" priority="5">-p icmp -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="INPUT" priority="8">-p udp --sport 53 -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="0">-p tcp --sport 22 -m state --state ESTABLISHED -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="1">-p tcp --sport 21022 -m state --state ESTABLISHED -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="5">-p icmp -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="6">-p udp --dport 53 -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="8">-p tcp --dport 80 -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="9">-p tcp --dport 443 -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="12">-p udp --dport 123 -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="56">-p tcp --dport 5665 -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="67">-p udp --dport 67:68 -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="69">-m state --state ESTABLISHED,RELATED -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="99">-j DROP</rule><br />
</direct></nowiki><br />
<br />
Show all direct rules (/etc/firewalld/direct.xml):<br><br />
<code>firewall-cmd --get-all-rules --direct</code><br />
<br />
== Clear root Password / disable root login ==<br />
-d --delete: delete user's password<br><br />
-l --lock: lock user's password<br><br />
<code># passwd -dl root</code><br />
<br />
== Start new git project ==<br />
Create blank repo without README.md<br><br />
Run ansible-init script (cs)<br><br />
<br />
== Monitoring ==<br />
icinga-Server verbindet sich zum Agent über Port 5665.<br><br />
Bei Wartungen Downtime erstellen.<br><br />
<br />
== Wartung ==<br />
Snapshots nach 1w löschen.<br />
<br />
== upremote ==<br />
<code>$HOME/scripts/</code><br><br />
<code>$HOME/log/</code><br />
<br />
= Check yo shit front to back =<br />
<br />
== Remount /tmp without noexec flag ==<br />
<code>mount -o remount,exec /tmp</code><br />
<br />
== tmux ==<br />
Move window to other pane:<br><br />
<nowiki>Ctrl + b<br />
:move-pane -t X</nowiki><br />
Move window to new pane:<br><br />
<code>Ctrl + b !</code><br />
<br />
== icinga2 ==<br />
Check available commands in Icinga Director / Commands.<br><br />
<br><br />
After editing monitoring parameters in ansible:<br><br />
<code>ansible-playbook -D playbooks/all.yml -t icinga2_agent:update-host</code><br />
<br />
== openSSL pfx/pem ==<br />
# Extract the private key (you will be prompted to enter the PFX file password and to set a password for the private key)<br><br />
<code>openssl pkcs12 -in your_certificate.pfx -nocerts -out private_key.key</code><br><br />
<br><br />
# Extract the CRT certificate (you will be prompted to enter the PFX file password)<br><br />
<code>openssl pkcs12 -in your_certificate.pfx -clcerts -nokeys -out certificate.crt</code><br><br />
<br><br />
# (Optional) Remove the password from the private key (you will be prompted to enter the password set for the private key)<br><br />
<code>openssl rsa -in private_key.key -out private_key_nopass.key</code><br><br />
<br><br />
Encryption of private key can be checked with <code># cat private.key</code> (first line)</div>
Xbl
http://wiki.6bit.ch/index.php?title=Very_Windy&diff=322
Very Windy
2026-02-23T09:00:53Z
<p>Xbl: /* icinga2 */</p>
<hr />
<div>= lvm procedure =<br />
<nowiki>Die VM-Disk /dev/sda wurde vergrössert<br />
1. Ist Zustand prüfen<br />
lsblk<br />
2. Disk "sda" neu einlesen<br />
echo 1 > /sys/block/sda/device/rescan<br />
3. Partition vergrössern<br />
growpart /dev/sda 3<br />
4. PV überprüfen<br />
pvs<br />
4a. allenfalls physical volume vergrössern<br />
pvresize /dev/sda3<br />
5. VG überprüfen<br />
vgs<br />
6. LV vergrössern und Filesystem vergrössern<br />
lvresize -rL+50G /dev/mapper/system-docker<br />
lvextend -rl +100%FREE /dev/mapper/vm208-root</nowiki><br />
<br />
== git ==<br />
<code>git submodule update --init</code> Submodule laden<br><br />
<code>git submodule update --init --recursive</code> Submodule laden<br><br />
<code>git submodule update --remote</code> Submodule aktualisieren<br><br />
<br />
== openssl ==<br />
Check CSR:<br><br />
<code>openssl req -in sample.csr -noout -text</code><br><br />
<br><br />
Bash to check private key against certificate (checkssl.sh):<br />
<nowiki>cn=files/reverseproxies/etc/haproxy/certs/www.sexybit.sh<br />
crt="${cn:?Common Name fuer Key und Cert nicht angegebe...}.crt"<br />
key="$cn.key"<br />
<br />
crtmd5=$( openssl x509 -noout -modulus -in "$crt" | openssl md5 ) ; \<br />
keymd5=$( openssl rsa -noout -modulus -in "$key" | openssl md5 ) ; \<br />
\<br />
echo "crt: $crtmd5" ; echo "key: $keymd5" ; printf "Dateien: \"$crt\" & \"$key\" -- " ; \<br />
[ "$crtmd5" = "$keymd5" ] && echo "passen zusammen :)" || echo "passen NICHT zusammen :("<br />
</nowiki><br />
<br />
== ansible ==<br />
<code>ansible-playbook -C -D playbooks/all.yml -u $USER -t nginx</code> -C (check, dry run), -D (diff, show differences) -u <remote user> -t <tags><br><br />
Tags let you run only specific tagged tasks in a playbook instead of executing everything. Multiple tags can be comma-separated.<br><br />
Tags can be skipped with <code>--skip-tags <tags></code><br><br />
Tasks tagged 'always' will run no matter what tags are selected.<br><br />
Tasks tagged 'never' only run if explicitly requested with <code>-t never</code><br><br />
<br />
== ln ==<br />
<code>ln -s ../files</code><br />
<br />
== curl ==<br />
<code>curl -vvv</code> verbose verbose verbose<br><br />
<code>curl -v --resolve windy.verywindy.ch:443:192.168.161.1 https://windy.verywindy.ch</code> check connection with hardcoded dns<br><br />
<code>curl -x sexybit.sh https://apod.nasa.gov</code> check connection with proxy<br><br />
<code>curl -L https://apod.nasa.gov</code> follow redirects<br />
<br />
== New Systems ==<br />
Size: 2CPU, 2G RAM, 40G Disk<br><br />
VG Name: system<br><br />
/: 10G<br><br />
Swap: 4G<br><br />
/var-log: 4G<br><br />
<br />
== IPTables / firewalld ==<br />
<nowiki><?xml version="1.0" encoding="utf-8"?><br />
<direct><br />
<rule ipv="ipv4" table="filter" chain="INPUT" priority="0">-p tcp --dport 22 -m state --state NEW,ESTABLISHED -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="INPUT" priority="1">-p tcp --dport 21022 -m state --state NEW,ESTABLISHED -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="INPUT" priority="5">-p icmp -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="INPUT" priority="8">-p udp --sport 53 -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="0">-p tcp --sport 22 -m state --state ESTABLISHED -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="1">-p tcp --sport 21022 -m state --state ESTABLISHED -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="5">-p icmp -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="6">-p udp --dport 53 -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="8">-p tcp --dport 80 -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="9">-p tcp --dport 443 -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="12">-p udp --dport 123 -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="56">-p tcp --dport 5665 -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="67">-p udp --dport 67:68 -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="69">-m state --state ESTABLISHED,RELATED -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="99">-j DROP</rule><br />
</direct></nowiki><br />
<br />
Show all direct rules (/etc/firewalld/direct.xml):<br><br />
<code>firewall-cmd --get-all-rules --direct</code><br />
<br />
== Clear root Password / disable root login ==<br />
-d --delete: delete user's password<br><br />
-l --lock: lock user's password<br><br />
<code># passwd -dl root</code><br />
<br />
== Start new git project ==<br />
Create blank repo without README.md<br><br />
Run ansible-init script (cs)<br><br />
<br />
== Monitoring ==<br />
icinga-Server verbindet sich zum Agent über Port 5665.<br><br />
Bei Wartungen Downtime erstellen.<br><br />
<br />
== Wartung ==<br />
Snapshots nach 1w löschen.<br />
<br />
== upremote ==<br />
<code>$HOME/scripts/</code><br><br />
<code>$HOME/log/</code><br />
<br />
= Check yo shit front to back =<br />
<br />
== Remount /tmp without noexec flag ==<br />
<code>mount -o remount,exec /tmp</code><br />
<br />
== tmux ==<br />
Move window to other pane:<br><br />
<nowiki>Ctrl + b<br />
:move-pane -t X</nowiki><br />
Move window to new pane:<br><br />
<code>Ctrl + b !</code><br />
<br />
== icinga2 ==<br />
Check available commands in Icinga Director / Commands.<br><br />
<br><br />
After editing monitoring parameters in ansible:<br><br />
<code>ansible-playbook -D playbooks/all.yml -t icinga2_agent:update-host</code></div>
Xbl
http://wiki.6bit.ch/index.php?title=Very_Windy&diff=321
Very Windy
2026-02-23T09:00:43Z
<p>Xbl: /* icinga2 */</p>
<hr />
<div>= lvm procedure =<br />
<nowiki>Die VM-Disk /dev/sda wurde vergrössert<br />
1. Ist Zustand prüfen<br />
lsblk<br />
2. Disk "sda" neu einlesen<br />
echo 1 > /sys/block/sda/device/rescan<br />
3. Partition vergrössern<br />
growpart /dev/sda 3<br />
4. PV überprüfen<br />
pvs<br />
4a. allenfalls physical volume vergrössern<br />
pvresize /dev/sda3<br />
5. VG überprüfen<br />
vgs<br />
6. LV vergrössern und Filesystem vergrössern<br />
lvresize -rL+50G /dev/mapper/system-docker<br />
lvextend -rl +100%FREE /dev/mapper/vm208-root</nowiki><br />
<br />
== git ==<br />
<code>git submodule update --init</code> Submodule laden<br><br />
<code>git submodule update --init --recursive</code> Submodule laden<br><br />
<code>git submodule update --remote</code> Submodule aktualisieren<br><br />
<br />
== openssl ==<br />
Check CSR:<br><br />
<code>openssl req -in sample.csr -noout -text</code><br><br />
<br><br />
Bash to check private key against certificate (checkssl.sh):<br />
<nowiki>cn=files/reverseproxies/etc/haproxy/certs/www.sexybit.sh<br />
crt="${cn:?Common Name fuer Key und Cert nicht angegebe...}.crt"<br />
key="$cn.key"<br />
<br />
crtmd5=$( openssl x509 -noout -modulus -in "$crt" | openssl md5 ) ; \<br />
keymd5=$( openssl rsa -noout -modulus -in "$key" | openssl md5 ) ; \<br />
\<br />
echo "crt: $crtmd5" ; echo "key: $keymd5" ; printf "Dateien: \"$crt\" & \"$key\" -- " ; \<br />
[ "$crtmd5" = "$keymd5" ] && echo "passen zusammen :)" || echo "passen NICHT zusammen :("<br />
</nowiki><br />
<br />
== ansible ==<br />
<code>ansible-playbook -C -D playbooks/all.yml -u $USER -t nginx</code> -C (check, dry run), -D (diff, show differences) -u <remote user> -t <tags><br><br />
Tags let you run only specific tagged tasks in a playbook instead of executing everything. Multiple tags can be comma-separated.<br><br />
Tags can be skipped with <code>--skip-tags <tags></code><br><br />
Tasks tagged 'always' will run no matter what tags are selected.<br><br />
Tasks tagged 'never' only run if explicitly requested with <code>-t never</code><br><br />
<br />
== ln ==<br />
<code>ln -s ../files</code><br />
<br />
== curl ==<br />
<code>curl -vvv</code> verbose verbose verbose<br><br />
<code>curl -v --resolve windy.verywindy.ch:443:192.168.161.1 https://windy.verywindy.ch</code> check connection with hardcoded dns<br><br />
<code>curl -x sexybit.sh https://apod.nasa.gov</code> check connection with proxy<br><br />
<code>curl -L https://apod.nasa.gov</code> follow redirects<br />
<br />
== New Systems ==<br />
Size: 2CPU, 2G RAM, 40G Disk<br><br />
VG Name: system<br><br />
/: 10G<br><br />
Swap: 4G<br><br />
/var-log: 4G<br><br />
<br />
== IPTables / firewalld ==<br />
<nowiki><?xml version="1.0" encoding="utf-8"?><br />
<direct><br />
<rule ipv="ipv4" table="filter" chain="INPUT" priority="0">-p tcp --dport 22 -m state --state NEW,ESTABLISHED -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="INPUT" priority="1">-p tcp --dport 21022 -m state --state NEW,ESTABLISHED -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="INPUT" priority="5">-p icmp -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="INPUT" priority="8">-p udp --sport 53 -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="0">-p tcp --sport 22 -m state --state ESTABLISHED -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="1">-p tcp --sport 21022 -m state --state ESTABLISHED -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="5">-p icmp -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="6">-p udp --dport 53 -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="8">-p tcp --dport 80 -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="9">-p tcp --dport 443 -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="12">-p udp --dport 123 -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="56">-p tcp --dport 5665 -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="67">-p udp --dport 67:68 -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="69">-m state --state ESTABLISHED,RELATED -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="99">-j DROP</rule><br />
</direct></nowiki><br />
<br />
Show all direct rules (/etc/firewalld/direct.xml):<br><br />
<code>firewall-cmd --get-all-rules --direct</code><br />
<br />
== Clear root Password / disable root login ==<br />
-d --delete: delete user's password<br><br />
-l --lock: lock user's password<br><br />
<code># passwd -dl root</code><br />
<br />
== Start new git project ==<br />
Create blank repo without README.md<br><br />
Run ansible-init script (cs)<br><br />
<br />
== Monitoring ==<br />
icinga-Server verbindet sich zum Agent über Port 5665.<br><br />
Bei Wartungen Downtime erstellen.<br><br />
<br />
== Wartung ==<br />
Snapshots nach 1w löschen.<br />
<br />
== upremote ==<br />
<code>$HOME/scripts/</code><br><br />
<code>$HOME/log/</code><br />
<br />
= Check yo shit front to back =<br />
<br />
== Remount /tmp without noexec flag ==<br />
<code>mount -o remount,exec /tmp</code><br />
<br />
== tmux ==<br />
Move window to other pane:<br><br />
<nowiki>Ctrl + b<br />
:move-pane -t X</nowiki><br />
Move window to new pane:<br><br />
<code>Ctrl + b !</code><br />
<br />
== icinga2 ==<br />
Check available commands in Icinga Director / Commands.<br><br />
After editing monitoring parameters in ansible:<br><br />
<code>ansible-playbook -D playbooks/all.yml -t icinga2_agent:update-host</code></div>
Xbl
http://wiki.6bit.ch/index.php?title=Very_Windy&diff=320
Very Windy
2026-02-23T08:59:31Z
<p>Xbl: </p>
<hr />
<div>= lvm procedure =<br />
<nowiki>Die VM-Disk /dev/sda wurde vergrössert<br />
1. Ist Zustand prüfen<br />
lsblk<br />
2. Disk "sda" neu einlesen<br />
echo 1 > /sys/block/sda/device/rescan<br />
3. Partition vergrössern<br />
growpart /dev/sda 3<br />
4. PV überprüfen<br />
pvs<br />
4a. allenfalls physical volume vergrössern<br />
pvresize /dev/sda3<br />
5. VG überprüfen<br />
vgs<br />
6. LV vergrössern und Filesystem vergrössern<br />
lvresize -rL+50G /dev/mapper/system-docker<br />
lvextend -rl +100%FREE /dev/mapper/vm208-root</nowiki><br />
<br />
== git ==<br />
<code>git submodule update --init</code> Submodule laden<br><br />
<code>git submodule update --init --recursive</code> Submodule laden<br><br />
<code>git submodule update --remote</code> Submodule aktualisieren<br><br />
<br />
== openssl ==<br />
Check CSR:<br><br />
<code>openssl req -in sample.csr -noout -text</code><br><br />
<br><br />
Bash to check private key against certificate (checkssl.sh):<br />
<nowiki>cn=files/reverseproxies/etc/haproxy/certs/www.sexybit.sh<br />
crt="${cn:?Common Name fuer Key und Cert nicht angegebe...}.crt"<br />
key="$cn.key"<br />
<br />
crtmd5=$( openssl x509 -noout -modulus -in "$crt" | openssl md5 ) ; \<br />
keymd5=$( openssl rsa -noout -modulus -in "$key" | openssl md5 ) ; \<br />
\<br />
echo "crt: $crtmd5" ; echo "key: $keymd5" ; printf "Dateien: \"$crt\" & \"$key\" -- " ; \<br />
[ "$crtmd5" = "$keymd5" ] && echo "passen zusammen :)" || echo "passen NICHT zusammen :("<br />
</nowiki><br />
<br />
== ansible ==<br />
<code>ansible-playbook -C -D playbooks/all.yml -u $USER -t nginx</code> -C (check, dry run), -D (diff, show differences) -u <remote user> -t <tags><br><br />
Tags let you run only specific tagged tasks in a playbook instead of executing everything. Multiple tags can be comma-separated.<br><br />
Tags can be skipped with <code>--skip-tags <tags></code><br><br />
Tasks tagged 'always' will run no matter what tags are selected.<br><br />
Tasks tagged 'never' only run if explicitly requested with <code>-t never</code><br><br />
<br />
== ln ==<br />
<code>ln -s ../files</code><br />
<br />
== curl ==<br />
<code>curl -vvv</code> verbose verbose verbose<br><br />
<code>curl -v --resolve windy.verywindy.ch:443:192.168.161.1 https://windy.verywindy.ch</code> check connection with hardcoded dns<br><br />
<code>curl -x sexybit.sh https://apod.nasa.gov</code> check connection with proxy<br><br />
<code>curl -L https://apod.nasa.gov</code> follow redirects<br />
<br />
== New Systems ==<br />
Size: 2CPU, 2G RAM, 40G Disk<br><br />
VG Name: system<br><br />
/: 10G<br><br />
Swap: 4G<br><br />
/var-log: 4G<br><br />
<br />
== IPTables / firewalld ==<br />
<nowiki><?xml version="1.0" encoding="utf-8"?><br />
<direct><br />
<rule ipv="ipv4" table="filter" chain="INPUT" priority="0">-p tcp --dport 22 -m state --state NEW,ESTABLISHED -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="INPUT" priority="1">-p tcp --dport 21022 -m state --state NEW,ESTABLISHED -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="INPUT" priority="5">-p icmp -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="INPUT" priority="8">-p udp --sport 53 -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="0">-p tcp --sport 22 -m state --state ESTABLISHED -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="1">-p tcp --sport 21022 -m state --state ESTABLISHED -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="5">-p icmp -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="6">-p udp --dport 53 -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="8">-p tcp --dport 80 -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="9">-p tcp --dport 443 -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="12">-p udp --dport 123 -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="56">-p tcp --dport 5665 -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="67">-p udp --dport 67:68 -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="69">-m state --state ESTABLISHED,RELATED -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="99">-j DROP</rule><br />
</direct></nowiki><br />
<br />
Show all direct rules (/etc/firewalld/direct.xml):<br><br />
<code>firewall-cmd --get-all-rules --direct</code><br />
<br />
== Clear root Password / disable root login ==<br />
-d --delete: delete user's password<br><br />
-l --lock: lock user's password<br><br />
<code># passwd -dl root</code><br />
<br />
== Start new git project ==<br />
Create blank repo without README.md<br><br />
Run ansible-init script (cs)<br><br />
<br />
== Monitoring ==<br />
icinga-Server verbindet sich zum Agent über Port 5665.<br><br />
Bei Wartungen Downtime erstellen.<br><br />
<br />
== Wartung ==<br />
Snapshots nach 1w löschen.<br />
<br />
== upremote ==<br />
<code>$HOME/scripts/</code><br><br />
<code>$HOME/log/</code><br />
<br />
= Check yo shit front to back =<br />
<br />
== Remount /tmp without noexec flag ==<br />
<code>mount -o remount,exec /tmp</code><br />
<br />
== tmux ==<br />
Move window to other pane:<br><br />
<nowiki>Ctrl + b<br />
:move-pane -t X</nowiki><br />
Move window to new pane:<br><br />
<code>Ctrl + b !</code><br />
<br />
== icinga2 ==<br />
After editing monitoring parameters in ansible:<br><br />
<code>ansible-playbook -D playbooks/all.yml -t icinga2_agent:update-host</code></div>
Xbl
http://wiki.6bit.ch/index.php?title=Very_Windy&diff=319
Very Windy
2026-02-19T12:05:20Z
<p>Xbl: /* tmux */</p>
<hr />
<div>= lvm procedure =<br />
<nowiki>Die VM-Disk /dev/sda wurde vergrössert<br />
1. Ist Zustand prüfen<br />
lsblk<br />
2. Disk "sda" neu einlesen<br />
echo 1 > /sys/block/sda/device/rescan<br />
3. Partition vergrössern<br />
growpart /dev/sda 3<br />
4. PV überprüfen<br />
pvs<br />
4a. allenfalls physical volume vergrössern<br />
pvresize /dev/sda3<br />
5. VG überprüfen<br />
vgs<br />
6. LV vergrössern und Filesystem vergrössern<br />
lvresize -rL+50G /dev/mapper/system-docker<br />
lvextend -rl +100%FREE /dev/mapper/vm208-root</nowiki><br />
<br />
== git ==<br />
<code>git submodule update --init</code> Submodule laden<br><br />
<code>git submodule update --init --recursive</code> Submodule laden<br><br />
<code>git submodule update --remote</code> Submodule aktualisieren<br><br />
<br />
== openssl ==<br />
Check CSR:<br><br />
<code>openssl req -in sample.csr -noout -text</code><br><br />
<br><br />
Bash to check private key against certificate (checkssl.sh):<br />
<nowiki>cn=files/reverseproxies/etc/haproxy/certs/www.sexybit.sh<br />
crt="${cn:?Common Name fuer Key und Cert nicht angegebe...}.crt"<br />
key="$cn.key"<br />
<br />
crtmd5=$( openssl x509 -noout -modulus -in "$crt" | openssl md5 ) ; \<br />
keymd5=$( openssl rsa -noout -modulus -in "$key" | openssl md5 ) ; \<br />
\<br />
echo "crt: $crtmd5" ; echo "key: $keymd5" ; printf "Dateien: \"$crt\" & \"$key\" -- " ; \<br />
[ "$crtmd5" = "$keymd5" ] && echo "passen zusammen :)" || echo "passen NICHT zusammen :("<br />
</nowiki><br />
<br />
== ansible ==<br />
<code>ansible-playbook -C -D playbooks/all.yml -u $USER -t nginx</code> -C (check, dry run), -D (diff, show differences) -u <remote user> -t <tags><br><br />
Tags let you run only specific tagged tasks in a playbook instead of executing everything. Multiple tags can be comma-separated.<br><br />
Tags can be skipped with <code>--skip-tags <tags></code><br><br />
Tasks tagged 'always' will run no matter what tags are selected.<br><br />
Tasks tagged 'never' only run if explicitly requested with <code>-t never</code><br><br />
<br />
== ln ==<br />
<code>ln -s ../files</code><br />
<br />
== curl ==<br />
<code>curl -vvv</code> verbose verbose verbose<br><br />
<code>curl -v --resolve windy.verywindy.ch:443:192.168.161.1 https://windy.verywindy.ch</code> check connection with hardcoded dns<br><br />
<code>curl -x sexybit.sh https://apod.nasa.gov</code> check connection with proxy<br><br />
<code>curl -L https://apod.nasa.gov</code> follow redirects<br />
<br />
== New Systems ==<br />
Size: 2CPU, 2G RAM, 40G Disk<br><br />
VG Name: system<br><br />
/: 10G<br><br />
Swap: 4G<br><br />
/var-log: 4G<br><br />
<br />
== IPTables / firewalld ==<br />
<nowiki><?xml version="1.0" encoding="utf-8"?><br />
<direct><br />
<rule ipv="ipv4" table="filter" chain="INPUT" priority="0">-p tcp --dport 22 -m state --state NEW,ESTABLISHED -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="INPUT" priority="1">-p tcp --dport 21022 -m state --state NEW,ESTABLISHED -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="INPUT" priority="5">-p icmp -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="INPUT" priority="8">-p udp --sport 53 -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="0">-p tcp --sport 22 -m state --state ESTABLISHED -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="1">-p tcp --sport 21022 -m state --state ESTABLISHED -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="5">-p icmp -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="6">-p udp --dport 53 -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="8">-p tcp --dport 80 -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="9">-p tcp --dport 443 -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="12">-p udp --dport 123 -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="56">-p tcp --dport 5665 -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="67">-p udp --dport 67:68 -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="69">-m state --state ESTABLISHED,RELATED -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="99">-j DROP</rule><br />
</direct></nowiki><br />
<br />
Show all direct rules (/etc/firewalld/direct.xml):<br><br />
<code>firewall-cmd --get-all-rules --direct</code><br />
<br />
== Clear root Password / disable root login ==<br />
-d --delete: delete user's password<br><br />
-l --lock: lock user's password<br><br />
<code># passwd -dl root</code><br />
<br />
== Start new git project ==<br />
Create blank repo without README.md<br><br />
Run ansible-init script (cs)<br><br />
<br />
== Monitoring ==<br />
icinga-Server verbindet sich zum Agent über Port 5665.<br><br />
Bei Wartungen Downtime erstellen.<br><br />
<br />
== Wartung ==<br />
Snapshots nach 1w löschen.<br />
<br />
== upremote ==<br />
<code>$HOME/scripts/</code><br><br />
<code>$HOME/log/</code><br />
<br />
= Check yo shit front to back =<br />
<br />
== Remount /tmp without noexec flag ==<br />
<code>mount -o remount,exec /tmp</code><br />
<br />
== tmux ==<br />
Move window to other pane:<br><br />
<nowiki>Ctrl + b<br />
:move-pane -t X</nowiki><br />
Move window to new pane:<br><br />
<code>Ctrl + b !</code></div>
Xbl
http://wiki.6bit.ch/index.php?title=Very_Windy&diff=318
Very Windy
2026-02-19T12:00:48Z
<p>Xbl: </p>
<hr />
<div>= lvm procedure =<br />
<nowiki>Die VM-Disk /dev/sda wurde vergrössert<br />
1. Ist Zustand prüfen<br />
lsblk<br />
2. Disk "sda" neu einlesen<br />
echo 1 > /sys/block/sda/device/rescan<br />
3. Partition vergrössern<br />
growpart /dev/sda 3<br />
4. PV überprüfen<br />
pvs<br />
4a. allenfalls physical volume vergrössern<br />
pvresize /dev/sda3<br />
5. VG überprüfen<br />
vgs<br />
6. LV vergrössern und Filesystem vergrössern<br />
lvresize -rL+50G /dev/mapper/system-docker<br />
lvextend -rl +100%FREE /dev/mapper/vm208-root</nowiki><br />
<br />
== git ==<br />
<code>git submodule update --init</code> Submodule laden<br><br />
<code>git submodule update --init --recursive</code> Submodule laden<br><br />
<code>git submodule update --remote</code> Submodule aktualisieren<br><br />
<br />
== openssl ==<br />
Check CSR:<br><br />
<code>openssl req -in sample.csr -noout -text</code><br><br />
<br><br />
Bash to check private key against certificate (checkssl.sh):<br />
<nowiki>cn=files/reverseproxies/etc/haproxy/certs/www.sexybit.sh<br />
crt="${cn:?Common Name fuer Key und Cert nicht angegebe...}.crt"<br />
key="$cn.key"<br />
<br />
crtmd5=$( openssl x509 -noout -modulus -in "$crt" | openssl md5 ) ; \<br />
keymd5=$( openssl rsa -noout -modulus -in "$key" | openssl md5 ) ; \<br />
\<br />
echo "crt: $crtmd5" ; echo "key: $keymd5" ; printf "Dateien: \"$crt\" & \"$key\" -- " ; \<br />
[ "$crtmd5" = "$keymd5" ] && echo "passen zusammen :)" || echo "passen NICHT zusammen :("<br />
</nowiki><br />
<br />
== ansible ==<br />
<code>ansible-playbook -C -D playbooks/all.yml -u $USER -t nginx</code> -C (check, dry run), -D (diff, show differences) -u <remote user> -t <tags><br><br />
Tags let you run only specific tagged tasks in a playbook instead of executing everything. Multiple tags can be comma-separated.<br><br />
Tags can be skipped with <code>--skip-tags <tags></code><br><br />
Tasks tagged 'always' will run no matter what tags are selected.<br><br />
Tasks tagged 'never' only run if explicitly requested with <code>-t never</code><br><br />
<br />
== ln ==<br />
<code>ln -s ../files</code><br />
<br />
== curl ==<br />
<code>curl -vvv</code> verbose verbose verbose<br><br />
<code>curl -v --resolve windy.verywindy.ch:443:192.168.161.1 https://windy.verywindy.ch</code> check connection with hardcoded dns<br><br />
<code>curl -x sexybit.sh https://apod.nasa.gov</code> check connection with proxy<br><br />
<code>curl -L https://apod.nasa.gov</code> follow redirects<br />
<br />
== New Systems ==<br />
Size: 2CPU, 2G RAM, 40G Disk<br><br />
VG Name: system<br><br />
/: 10G<br><br />
Swap: 4G<br><br />
/var-log: 4G<br><br />
<br />
== IPTables / firewalld ==<br />
<nowiki><?xml version="1.0" encoding="utf-8"?><br />
<direct><br />
<rule ipv="ipv4" table="filter" chain="INPUT" priority="0">-p tcp --dport 22 -m state --state NEW,ESTABLISHED -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="INPUT" priority="1">-p tcp --dport 21022 -m state --state NEW,ESTABLISHED -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="INPUT" priority="5">-p icmp -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="INPUT" priority="8">-p udp --sport 53 -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="0">-p tcp --sport 22 -m state --state ESTABLISHED -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="1">-p tcp --sport 21022 -m state --state ESTABLISHED -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="5">-p icmp -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="6">-p udp --dport 53 -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="8">-p tcp --dport 80 -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="9">-p tcp --dport 443 -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="12">-p udp --dport 123 -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="56">-p tcp --dport 5665 -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="67">-p udp --dport 67:68 -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="69">-m state --state ESTABLISHED,RELATED -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="99">-j DROP</rule><br />
</direct></nowiki><br />
<br />
Show all direct rules (/etc/firewalld/direct.xml):<br><br />
<code>firewall-cmd --get-all-rules --direct</code><br />
<br />
== Clear root Password / disable root login ==<br />
-d --delete: delete user's password<br><br />
-l --lock: lock user's password<br><br />
<code># passwd -dl root</code><br />
<br />
== Start new git project ==<br />
Create blank repo without README.md<br><br />
Run ansible-init script (cs)<br><br />
<br />
== Monitoring ==<br />
icinga-Server verbindet sich zum Agent über Port 5665.<br><br />
Bei Wartungen Downtime erstellen.<br><br />
<br />
== Wartung ==<br />
Snapshots nach 1w löschen.<br />
<br />
== upremote ==<br />
<code>$HOME/scripts/</code><br><br />
<code>$HOME/log/</code><br />
<br />
= Check yo shit front to back =<br />
<br />
== Remount /tmp without noexec flag ==<br />
<code>mount -o remount,exec /tmp</code><br />
<br />
== tmux ==<br />
Move window to other pane:<br><br />
<nowiki>Ctrl + b<br />
:move-pane -t X</nowiki></div>
Xbl
http://wiki.6bit.ch/index.php?title=Very_Windy&diff=317
Very Windy
2026-02-18T16:29:19Z
<p>Xbl: /* Check yo shit front to back */</p>
<hr />
<div>= lvm procedure =<br />
<nowiki>Die VM-Disk /dev/sda wurde vergrössert<br />
1. Ist Zustand prüfen<br />
lsblk<br />
2. Disk "sda" neu einlesen<br />
echo 1 > /sys/block/sda/device/rescan<br />
3. Partition vergrössern<br />
growpart /dev/sda 3<br />
4. PV überprüfen<br />
pvs<br />
4a. allenfalls physical volume vergrössern<br />
pvresize /dev/sda3<br />
5. VG überprüfen<br />
vgs<br />
6. LV vergrössern und Filesystem vergrössern<br />
lvresize -rL+50G /dev/mapper/system-docker<br />
lvextend -rl +100%FREE /dev/mapper/vm208-root</nowiki><br />
<br />
== git ==<br />
<code>git submodule update --init</code> Submodule laden<br><br />
<code>git submodule update --init --recursive</code> Submodule laden<br><br />
<code>git submodule update --remote</code> Submodule aktualisieren<br><br />
<br />
== openssl ==<br />
Check CSR:<br><br />
<code>openssl req -in sample.csr -noout -text</code><br><br />
<br><br />
Bash to check private key against certificate (checkssl.sh):<br />
<nowiki>cn=files/reverseproxies/etc/haproxy/certs/www.sexybit.sh<br />
crt="${cn:?Common Name fuer Key und Cert nicht angegebe...}.crt"<br />
key="$cn.key"<br />
<br />
crtmd5=$( openssl x509 -noout -modulus -in "$crt" | openssl md5 ) ; \<br />
keymd5=$( openssl rsa -noout -modulus -in "$key" | openssl md5 ) ; \<br />
\<br />
echo "crt: $crtmd5" ; echo "key: $keymd5" ; printf "Dateien: \"$crt\" & \"$key\" -- " ; \<br />
[ "$crtmd5" = "$keymd5" ] && echo "passen zusammen :)" || echo "passen NICHT zusammen :("<br />
</nowiki><br />
<br />
== ansible ==<br />
<code>ansible-playbook -C -D playbooks/all.yml -u $USER -t nginx</code> -C (check, dry run), -D (diff, show differences) -u <remote user> -t <tags><br><br />
Tags let you run only specific tagged tasks in a playbook instead of executing everything. Multiple tags can be comma-separated.<br><br />
Tags can be skipped with <code>--skip-tags <tags></code><br><br />
Tasks tagged 'always' will run no matter what tags are selected.<br><br />
Tasks tagged 'never' only run if explicitly requested with <code>-t never</code><br><br />
<br />
== ln ==<br />
<code>ln -s ../files</code><br />
<br />
== curl ==<br />
<code>curl -vvv</code> verbose verbose verbose<br><br />
<code>curl -v --resolve windy.verywindy.ch:443:192.168.161.1 https://windy.verywindy.ch</code> check connection with hardcoded dns<br><br />
<code>curl -x sexybit.sh https://apod.nasa.gov</code> check connection with proxy<br><br />
<code>curl -L https://apod.nasa.gov</code> follow redirects<br />
<br />
== New Systems ==<br />
Size: 2CPU, 2G RAM, 40G Disk<br><br />
VG Name: system<br><br />
/: 10G<br><br />
Swap: 4G<br><br />
/var-log: 4G<br><br />
<br />
== IPTables / firewalld ==<br />
<nowiki><?xml version="1.0" encoding="utf-8"?><br />
<direct><br />
<rule ipv="ipv4" table="filter" chain="INPUT" priority="0">-p tcp --dport 22 -m state --state NEW,ESTABLISHED -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="INPUT" priority="1">-p tcp --dport 21022 -m state --state NEW,ESTABLISHED -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="INPUT" priority="5">-p icmp -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="INPUT" priority="8">-p udp --sport 53 -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="0">-p tcp --sport 22 -m state --state ESTABLISHED -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="1">-p tcp --sport 21022 -m state --state ESTABLISHED -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="5">-p icmp -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="6">-p udp --dport 53 -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="8">-p tcp --dport 80 -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="9">-p tcp --dport 443 -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="12">-p udp --dport 123 -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="56">-p tcp --dport 5665 -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="67">-p udp --dport 67:68 -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="69">-m state --state ESTABLISHED,RELATED -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="99">-j DROP</rule><br />
</direct></nowiki><br />
<br />
Show all direct rules (/etc/firewalld/direct.xml):<br><br />
<code>firewall-cmd --get-all-rules --direct</code><br />
<br />
== Clear root Password / disable root login ==<br />
-d --delete: delete user's password<br><br />
-l --lock: lock user's password<br><br />
<code># passwd -dl root</code><br />
<br />
== Start new git project ==<br />
Create blank repo without README.md<br><br />
Run ansible-init script (cs)<br><br />
<br />
== Monitoring ==<br />
icinga-Server verbindet sich zum Agent über Port 5665.<br><br />
Bei Wartungen Downtime erstellen.<br><br />
<br />
== Wartung ==<br />
Snapshots nach 1w löschen.<br />
<br />
== upremote ==<br />
<code>$HOME/scripts/</code><br><br />
<code>$HOME/log/</code><br />
<br />
= Check yo shit front to back =<br />
<br />
== Remount /tmp without noexec flag ==<br />
<code>mount -o remount,exec /tmp</code></div>
Xbl
http://wiki.6bit.ch/index.php?title=Very_Windy&diff=316
Very Windy
2026-02-18T16:28:41Z
<p>Xbl: </p>
<hr />
<div>= lvm procedure =<br />
<nowiki>Die VM-Disk /dev/sda wurde vergrössert<br />
1. Ist Zustand prüfen<br />
lsblk<br />
2. Disk "sda" neu einlesen<br />
echo 1 > /sys/block/sda/device/rescan<br />
3. Partition vergrössern<br />
growpart /dev/sda 3<br />
4. PV überprüfen<br />
pvs<br />
4a. allenfalls physical volume vergrössern<br />
pvresize /dev/sda3<br />
5. VG überprüfen<br />
vgs<br />
6. LV vergrössern und Filesystem vergrössern<br />
lvresize -rL+50G /dev/mapper/system-docker<br />
lvextend -rl +100%FREE /dev/mapper/vm208-root</nowiki><br />
<br />
== git ==<br />
<code>git submodule update --init</code> Submodule laden<br><br />
<code>git submodule update --init --recursive</code> Submodule laden<br><br />
<code>git submodule update --remote</code> Submodule aktualisieren<br><br />
<br />
== openssl ==<br />
Check CSR:<br><br />
<code>openssl req -in sample.csr -noout -text</code><br><br />
<br><br />
Bash to check private key against certificate (checkssl.sh):<br />
<nowiki>cn=files/reverseproxies/etc/haproxy/certs/www.sexybit.sh<br />
crt="${cn:?Common Name fuer Key und Cert nicht angegebe...}.crt"<br />
key="$cn.key"<br />
<br />
crtmd5=$( openssl x509 -noout -modulus -in "$crt" | openssl md5 ) ; \<br />
keymd5=$( openssl rsa -noout -modulus -in "$key" | openssl md5 ) ; \<br />
\<br />
echo "crt: $crtmd5" ; echo "key: $keymd5" ; printf "Dateien: \"$crt\" & \"$key\" -- " ; \<br />
[ "$crtmd5" = "$keymd5" ] && echo "passen zusammen :)" || echo "passen NICHT zusammen :("<br />
</nowiki><br />
<br />
== ansible ==<br />
<code>ansible-playbook -C -D playbooks/all.yml -u $USER -t nginx</code> -C (check, dry run), -D (diff, show differences) -u <remote user> -t <tags><br><br />
Tags let you run only specific tagged tasks in a playbook instead of executing everything. Multiple tags can be comma-separated.<br><br />
Tags can be skipped with <code>--skip-tags <tags></code><br><br />
Tasks tagged 'always' will run no matter what tags are selected.<br><br />
Tasks tagged 'never' only run if explicitly requested with <code>-t never</code><br><br />
<br />
== ln ==<br />
<code>ln -s ../files</code><br />
<br />
== curl ==<br />
<code>curl -vvv</code> verbose verbose verbose<br><br />
<code>curl -v --resolve windy.verywindy.ch:443:192.168.161.1 https://windy.verywindy.ch</code> check connection with hardcoded dns<br><br />
<code>curl -x sexybit.sh https://apod.nasa.gov</code> check connection with proxy<br><br />
<code>curl -L https://apod.nasa.gov</code> follow redirects<br />
<br />
== New Systems ==<br />
Size: 2CPU, 2G RAM, 40G Disk<br><br />
VG Name: system<br><br />
/: 10G<br><br />
Swap: 4G<br><br />
/var-log: 4G<br><br />
<br />
== IPTables / firewalld ==<br />
<nowiki><?xml version="1.0" encoding="utf-8"?><br />
<direct><br />
<rule ipv="ipv4" table="filter" chain="INPUT" priority="0">-p tcp --dport 22 -m state --state NEW,ESTABLISHED -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="INPUT" priority="1">-p tcp --dport 21022 -m state --state NEW,ESTABLISHED -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="INPUT" priority="5">-p icmp -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="INPUT" priority="8">-p udp --sport 53 -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="0">-p tcp --sport 22 -m state --state ESTABLISHED -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="1">-p tcp --sport 21022 -m state --state ESTABLISHED -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="5">-p icmp -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="6">-p udp --dport 53 -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="8">-p tcp --dport 80 -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="9">-p tcp --dport 443 -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="12">-p udp --dport 123 -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="56">-p tcp --dport 5665 -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="67">-p udp --dport 67:68 -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="69">-m state --state ESTABLISHED,RELATED -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="99">-j DROP</rule><br />
</direct></nowiki><br />
<br />
Show all direct rules (/etc/firewalld/direct.xml):<br><br />
<code>firewall-cmd --get-all-rules --direct</code><br />
<br />
== Clear root Password / disable root login ==<br />
-d --delete: delete user's password<br><br />
-l --lock: lock user's password<br><br />
<code># passwd -dl root</code><br />
<br />
== Start new git project ==<br />
Create blank repo without README.md<br><br />
Run ansible-init script (cs)<br><br />
<br />
== Monitoring ==<br />
icinga-Server verbindet sich zum Agent über Port 5665.<br><br />
Bei Wartungen Downtime erstellen.<br><br />
<br />
== Wartung ==<br />
Snapshots nach 1w löschen.<br />
<br />
== upremote ==<br />
<code>$HOME/scripts/</code><br><br />
<code>$HOME/log/</code><br />
<br />
= Check yo shit front to back =<br />
<br />
== Remount /tmp without noexec flag<br />
<code>mount -o remount,exec /tmp</code></div>
Xbl
http://wiki.6bit.ch/index.php?title=Very_Windy&diff=315
Very Windy
2026-02-18T16:20:16Z
<p>Xbl: </p>
<hr />
<div>= lvm procedure =<br />
<nowiki>Die VM-Disk /dev/sda wurde vergrössert<br />
1. Ist Zustand prüfen<br />
lsblk<br />
2. Disk "sda" neu einlesen<br />
echo 1 > /sys/block/sda/device/rescan<br />
3. Partition vergrössern<br />
growpart /dev/sda 3<br />
4. PV überprüfen<br />
pvs<br />
4a. allenfalls physical volume vergrössern<br />
pvresize /dev/sda3<br />
5. VG überprüfen<br />
vgs<br />
6. LV vergrössern und Filesystem vergrössern<br />
lvresize -rL+50G /dev/mapper/system-docker<br />
lvextend -rl +100%FREE /dev/mapper/vm208-root</nowiki><br />
<br />
== git ==<br />
<code>git submodule update --init</code> Submodule laden<br><br />
<code>git submodule update --init --recursive</code> Submodule laden<br><br />
<code>git submodule update --remote</code> Submodule aktualisieren<br><br />
<br />
== openssl ==<br />
Check CSR:<br><br />
<code>openssl req -in sample.csr -noout -text</code><br><br />
<br><br />
Bash to check private key against certificate (checkssl.sh):<br />
<nowiki>cn=files/reverseproxies/etc/haproxy/certs/www.sexybit.sh<br />
crt="${cn:?Common Name fuer Key und Cert nicht angegebe...}.crt"<br />
key="$cn.key"<br />
<br />
crtmd5=$( openssl x509 -noout -modulus -in "$crt" | openssl md5 ) ; \<br />
keymd5=$( openssl rsa -noout -modulus -in "$key" | openssl md5 ) ; \<br />
\<br />
echo "crt: $crtmd5" ; echo "key: $keymd5" ; printf "Dateien: \"$crt\" & \"$key\" -- " ; \<br />
[ "$crtmd5" = "$keymd5" ] && echo "passen zusammen :)" || echo "passen NICHT zusammen :("<br />
</nowiki><br />
<br />
== ansible ==<br />
<code>ansible-playbook -C -D playbooks/all.yml -u $USER -t nginx</code> -C (check, dry run), -D (diff, show differences) -u <remote user> -t <tags><br><br />
Tags let you run only specific tagged tasks in a playbook instead of executing everything. Multiple tags can be comma-separated.<br><br />
Tags can be skipped with <code>--skip-tags <tags></code><br><br />
Tasks tagged 'always' will run no matter what tags are selected.<br><br />
Tasks tagged 'never' only run if explicitly requested with <code>-t never</code><br><br />
<br />
== ln ==<br />
<code>ln -s ../files</code><br />
<br />
== curl ==<br />
<code>curl -vvv</code> verbose verbose verbose<br><br />
<code>curl -v --resolve windy.verywindy.ch:443:192.168.161.1 https://windy.verywindy.ch</code> check connection with hardcoded dns<br><br />
<code>curl -x sexybit.sh https://apod.nasa.gov</code> check connection with proxy<br><br />
<code>curl -L https://apod.nasa.gov</code> follow redirects<br />
<br />
== New Systems ==<br />
Size: 2CPU, 2G RAM, 40G Disk<br><br />
VG Name: system<br><br />
/: 10G<br><br />
Swap: 4G<br><br />
/var-log: 4G<br><br />
<br />
== IPTables / firewalld ==<br />
<nowiki><?xml version="1.0" encoding="utf-8"?><br />
<direct><br />
<rule ipv="ipv4" table="filter" chain="INPUT" priority="0">-p tcp --dport 22 -m state --state NEW,ESTABLISHED -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="INPUT" priority="1">-p tcp --dport 21022 -m state --state NEW,ESTABLISHED -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="INPUT" priority="5">-p icmp -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="INPUT" priority="8">-p udp --sport 53 -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="0">-p tcp --sport 22 -m state --state ESTABLISHED -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="1">-p tcp --sport 21022 -m state --state ESTABLISHED -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="5">-p icmp -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="6">-p udp --dport 53 -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="8">-p tcp --dport 80 -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="9">-p tcp --dport 443 -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="12">-p udp --dport 123 -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="56">-p tcp --dport 5665 -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="67">-p udp --dport 67:68 -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="69">-m state --state ESTABLISHED,RELATED -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="99">-j DROP</rule><br />
</direct></nowiki><br />
<br />
Show all direct rules (/etc/firewalld/direct.xml):<br><br />
<code>firewall-cmd --get-all-rules --direct</code><br />
<br />
== Clear root Password / disable root login ==<br />
-d --delete: delete user's password<br><br />
-l --lock: lock user's password<br><br />
<code># passwd -dl root</code><br />
<br />
== Start new git project ==<br />
Create blank repo without README.md<br><br />
Run ansible-init script (cs)<br><br />
<br />
== Monitoring ==<br />
icinga-Server verbindet sich zum Agent über Port 5665.<br><br />
Bei Wartungen Downtime erstellen.<br><br />
<br />
== Wartung ==<br />
Snapshots nach 1w löschen.<br />
<br />
== upremote ==<br />
<code>$HOME/scripts/</code><br><br />
<code>$HOME/log/</code><br />
<br />
= Check yo shit front to back =</div>
Xbl
http://wiki.6bit.ch/index.php?title=Very_Windy&diff=314
Very Windy
2026-02-18T11:40:59Z
<p>Xbl: /* upremote */</p>
<hr />
<div>= lvm procedure =<br />
<nowiki>Die VM-Disk /dev/sda wurde vergrössert<br />
1. Ist Zustand prüfen<br />
lsblk<br />
2. Disk "sda" neu einlesen<br />
echo 1 > /sys/block/sda/device/rescan<br />
3. Partition vergrössern<br />
growpart /dev/sda 3<br />
4. PV überprüfen<br />
pvs<br />
4a. allenfalls physical volume vergrössern<br />
pvresize /dev/sda3<br />
5. VG überprüfen<br />
vgs<br />
6. LV vergrössern und Filesystem vergrössern<br />
lvresize -rL+50G /dev/mapper/system-docker<br />
lvextend -rl +100%FREE /dev/mapper/vm208-root</nowiki><br />
<br />
== git ==<br />
<code>git submodule update --init</code> Submodule laden<br><br />
<code>git submodule update --init --recursive</code> Submodule laden<br><br />
<code>git submodule update --remote</code> Submodule aktualisieren<br><br />
<br />
== openssl ==<br />
Check CSR:<br><br />
<code>openssl req -in sample.csr -noout -text</code><br><br />
<br><br />
Bash to check private key against certificate (checkssl.sh):<br />
<nowiki>cn=files/reverseproxies/etc/haproxy/certs/www.sexybit.sh<br />
crt="${cn:?Common Name fuer Key und Cert nicht angegebe...}.crt"<br />
key="$cn.key"<br />
<br />
crtmd5=$( openssl x509 -noout -modulus -in "$crt" | openssl md5 ) ; \<br />
keymd5=$( openssl rsa -noout -modulus -in "$key" | openssl md5 ) ; \<br />
\<br />
echo "crt: $crtmd5" ; echo "key: $keymd5" ; printf "Dateien: \"$crt\" & \"$key\" -- " ; \<br />
[ "$crtmd5" = "$keymd5" ] && echo "passen zusammen :)" || echo "passen NICHT zusammen :("<br />
</nowiki><br />
<br />
== ansible ==<br />
<code>ansible-playbook -C -D playbooks/all.yml -u $USER -t nginx</code> -C (check, dry run), -D (diff, show differences) -u <remote user> -t <tags><br><br />
Tags let you run only specific tagged tasks in a playbook instead of executing everything. Multiple tags can be comma-separated.<br><br />
Tags can be skipped with <code>--skip-tags <tags></code><br><br />
Tasks tagged 'always' will run no matter what tags are selected.<br><br />
Tasks tagged 'never' only run if explicitly requested with <code>-t never</code><br><br />
<br />
== ln ==<br />
<code>ln -s ../files</code><br />
<br />
== curl ==<br />
<code>curl -vvv</code> verbose verbose verbose<br><br />
<code>curl -v --resolve windy.verywindy.ch:443:192.168.161.1 https://windy.verywindy.ch</code> check connection with hardcoded dns<br><br />
<code>curl -x sexybit.sh https://apod.nasa.gov</code> check connection with proxy<br><br />
<code>curl -L https://apod.nasa.gov</code> follow redirects<br />
<br />
== New Systems ==<br />
Size: 2CPU, 2G RAM, 40G Disk<br><br />
VG Name: system<br><br />
/: 10G<br><br />
Swap: 4G<br><br />
/var-log: 4G<br><br />
<br />
== IPTables / firewalld ==<br />
<nowiki><?xml version="1.0" encoding="utf-8"?><br />
<direct><br />
<rule ipv="ipv4" table="filter" chain="INPUT" priority="0">-p tcp --dport 22 -m state --state NEW,ESTABLISHED -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="INPUT" priority="1">-p tcp --dport 21022 -m state --state NEW,ESTABLISHED -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="INPUT" priority="5">-p icmp -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="INPUT" priority="8">-p udp --sport 53 -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="0">-p tcp --sport 22 -m state --state ESTABLISHED -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="1">-p tcp --sport 21022 -m state --state ESTABLISHED -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="5">-p icmp -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="6">-p udp --dport 53 -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="8">-p tcp --dport 80 -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="9">-p tcp --dport 443 -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="12">-p udp --dport 123 -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="56">-p tcp --dport 5665 -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="67">-p udp --dport 67:68 -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="69">-m state --state ESTABLISHED,RELATED -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="99">-j DROP</rule><br />
</direct></nowiki><br />
<br />
Show all direct rules (/etc/firewalld/direct.xml):<br><br />
<code>firewall-cmd --get-all-rules --direct</code><br />
<br />
== Clear root Password / disable root login ==<br />
-d --delete: delete user's password<br><br />
-l --lock: lock user's password<br><br />
<code># passwd -dl root</code><br />
<br />
== Start new git project ==<br />
Create blank repo without README.md<br><br />
Run ansible-init script (cs)<br><br />
<br />
== Monitoring ==<br />
icinga-Server verbindet sich zum Agent über Port 5665.<br><br />
Bei Wartungen Downtime erstellen.<br><br />
<br />
== Wartung ==<br />
Snapshots nach 1w löschen.<br />
<br />
== upremote ==<br />
<code>$HOME/scripts/</code><br><br />
<code>$HOME/log/</code></div>
Xbl
http://wiki.6bit.ch/index.php?title=Very_Windy&diff=313
Very Windy
2026-02-18T11:38:41Z
<p>Xbl: /* upremote */</p>
<hr />
<div>= lvm procedure =<br />
<nowiki>Die VM-Disk /dev/sda wurde vergrössert<br />
1. Ist Zustand prüfen<br />
lsblk<br />
2. Disk "sda" neu einlesen<br />
echo 1 > /sys/block/sda/device/rescan<br />
3. Partition vergrössern<br />
growpart /dev/sda 3<br />
4. PV überprüfen<br />
pvs<br />
4a. allenfalls physical volume vergrössern<br />
pvresize /dev/sda3<br />
5. VG überprüfen<br />
vgs<br />
6. LV vergrössern und Filesystem vergrössern<br />
lvresize -rL+50G /dev/mapper/system-docker<br />
lvextend -rl +100%FREE /dev/mapper/vm208-root</nowiki><br />
<br />
== git ==<br />
<code>git submodule update --init</code> Submodule laden<br><br />
<code>git submodule update --init --recursive</code> Submodule laden<br><br />
<code>git submodule update --remote</code> Submodule aktualisieren<br><br />
<br />
== openssl ==<br />
Check CSR:<br><br />
<code>openssl req -in sample.csr -noout -text</code><br><br />
<br><br />
Bash to check private key against certificate (checkssl.sh):<br />
<nowiki>cn=files/reverseproxies/etc/haproxy/certs/www.sexybit.sh<br />
crt="${cn:?Common Name fuer Key und Cert nicht angegebe...}.crt"<br />
key="$cn.key"<br />
<br />
crtmd5=$( openssl x509 -noout -modulus -in "$crt" | openssl md5 ) ; \<br />
keymd5=$( openssl rsa -noout -modulus -in "$key" | openssl md5 ) ; \<br />
\<br />
echo "crt: $crtmd5" ; echo "key: $keymd5" ; printf "Dateien: \"$crt\" & \"$key\" -- " ; \<br />
[ "$crtmd5" = "$keymd5" ] && echo "passen zusammen :)" || echo "passen NICHT zusammen :("<br />
</nowiki><br />
<br />
== ansible ==<br />
<code>ansible-playbook -C -D playbooks/all.yml -u $USER -t nginx</code> -C (check, dry run), -D (diff, show differences) -u <remote user> -t <tags><br><br />
Tags let you run only specific tagged tasks in a playbook instead of executing everything. Multiple tags can be comma-separated.<br><br />
Tags can be skipped with <code>--skip-tags <tags></code><br><br />
Tasks tagged 'always' will run no matter what tags are selected.<br><br />
Tasks tagged 'never' only run if explicitly requested with <code>-t never</code><br><br />
<br />
== ln ==<br />
<code>ln -s ../files</code><br />
<br />
== curl ==<br />
<code>curl -vvv</code> verbose verbose verbose<br><br />
<code>curl -v --resolve windy.verywindy.ch:443:192.168.161.1 https://windy.verywindy.ch</code> check connection with hardcoded dns<br><br />
<code>curl -x sexybit.sh https://apod.nasa.gov</code> check connection with proxy<br><br />
<code>curl -L https://apod.nasa.gov</code> follow redirects<br />
<br />
== New Systems ==<br />
Size: 2CPU, 2G RAM, 40G Disk<br><br />
VG Name: system<br><br />
/: 10G<br><br />
Swap: 4G<br><br />
/var-log: 4G<br><br />
<br />
== IPTables / firewalld ==<br />
<nowiki><?xml version="1.0" encoding="utf-8"?><br />
<direct><br />
<rule ipv="ipv4" table="filter" chain="INPUT" priority="0">-p tcp --dport 22 -m state --state NEW,ESTABLISHED -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="INPUT" priority="1">-p tcp --dport 21022 -m state --state NEW,ESTABLISHED -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="INPUT" priority="5">-p icmp -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="INPUT" priority="8">-p udp --sport 53 -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="0">-p tcp --sport 22 -m state --state ESTABLISHED -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="1">-p tcp --sport 21022 -m state --state ESTABLISHED -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="5">-p icmp -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="6">-p udp --dport 53 -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="8">-p tcp --dport 80 -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="9">-p tcp --dport 443 -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="12">-p udp --dport 123 -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="56">-p tcp --dport 5665 -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="67">-p udp --dport 67:68 -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="69">-m state --state ESTABLISHED,RELATED -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="99">-j DROP</rule><br />
</direct></nowiki><br />
<br />
Show all direct rules (/etc/firewalld/direct.xml):<br><br />
<code>firewall-cmd --get-all-rules --direct</code><br />
<br />
== Clear root Password / disable root login ==<br />
-d --delete: delete user's password<br><br />
-l --lock: lock user's password<br><br />
<code># passwd -dl root</code><br />
<br />
== Start new git project ==<br />
Create blank repo without README.md<br><br />
Run ansible-init script (cs)<br><br />
<br />
== Monitoring ==<br />
icinga-Server verbindet sich zum Agent über Port 5665.<br><br />
Bei Wartungen Downtime erstellen.<br><br />
<br />
== Wartung ==<br />
Snapshots nach 1w löschen.<br />
<br />
== upremote ==<br />
<code>$HOME/script$</code><br><br />
<code>$HOME/log</code></div>
Xbl
http://wiki.6bit.ch/index.php?title=Very_Windy&diff=312
Very Windy
2026-02-18T11:38:02Z
<p>Xbl: </p>
<hr />
<div>= lvm procedure =<br />
<nowiki>Die VM-Disk /dev/sda wurde vergrössert<br />
1. Ist Zustand prüfen<br />
lsblk<br />
2. Disk "sda" neu einlesen<br />
echo 1 > /sys/block/sda/device/rescan<br />
3. Partition vergrössern<br />
growpart /dev/sda 3<br />
4. PV überprüfen<br />
pvs<br />
4a. allenfalls physical volume vergrössern<br />
pvresize /dev/sda3<br />
5. VG überprüfen<br />
vgs<br />
6. LV vergrössern und Filesystem vergrössern<br />
lvresize -rL+50G /dev/mapper/system-docker<br />
lvextend -rl +100%FREE /dev/mapper/vm208-root</nowiki><br />
<br />
== git ==<br />
<code>git submodule update --init</code> Submodule laden<br><br />
<code>git submodule update --init --recursive</code> Submodule laden<br><br />
<code>git submodule update --remote</code> Submodule aktualisieren<br><br />
<br />
== openssl ==<br />
Check CSR:<br><br />
<code>openssl req -in sample.csr -noout -text</code><br><br />
<br><br />
Bash to check private key against certificate (checkssl.sh):<br />
<nowiki>cn=files/reverseproxies/etc/haproxy/certs/www.sexybit.sh<br />
crt="${cn:?Common Name fuer Key und Cert nicht angegebe...}.crt"<br />
key="$cn.key"<br />
<br />
crtmd5=$( openssl x509 -noout -modulus -in "$crt" | openssl md5 ) ; \<br />
keymd5=$( openssl rsa -noout -modulus -in "$key" | openssl md5 ) ; \<br />
\<br />
echo "crt: $crtmd5" ; echo "key: $keymd5" ; printf "Dateien: \"$crt\" & \"$key\" -- " ; \<br />
[ "$crtmd5" = "$keymd5" ] && echo "passen zusammen :)" || echo "passen NICHT zusammen :("<br />
</nowiki><br />
<br />
== ansible ==<br />
<code>ansible-playbook -C -D playbooks/all.yml -u $USER -t nginx</code> -C (check, dry run), -D (diff, show differences) -u <remote user> -t <tags><br><br />
Tags let you run only specific tagged tasks in a playbook instead of executing everything. Multiple tags can be comma-separated.<br><br />
Tags can be skipped with <code>--skip-tags <tags></code><br><br />
Tasks tagged 'always' will run no matter what tags are selected.<br><br />
Tasks tagged 'never' only run if explicitly requested with <code>-t never</code><br><br />
<br />
== ln ==<br />
<code>ln -s ../files</code><br />
<br />
== curl ==<br />
<code>curl -vvv</code> verbose verbose verbose<br><br />
<code>curl -v --resolve windy.verywindy.ch:443:192.168.161.1 https://windy.verywindy.ch</code> check connection with hardcoded dns<br><br />
<code>curl -x sexybit.sh https://apod.nasa.gov</code> check connection with proxy<br><br />
<code>curl -L https://apod.nasa.gov</code> follow redirects<br />
<br />
== New Systems ==<br />
Size: 2CPU, 2G RAM, 40G Disk<br><br />
VG Name: system<br><br />
/: 10G<br><br />
Swap: 4G<br><br />
/var-log: 4G<br><br />
<br />
== IPTables / firewalld ==<br />
<nowiki><?xml version="1.0" encoding="utf-8"?><br />
<direct><br />
<rule ipv="ipv4" table="filter" chain="INPUT" priority="0">-p tcp --dport 22 -m state --state NEW,ESTABLISHED -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="INPUT" priority="1">-p tcp --dport 21022 -m state --state NEW,ESTABLISHED -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="INPUT" priority="5">-p icmp -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="INPUT" priority="8">-p udp --sport 53 -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="0">-p tcp --sport 22 -m state --state ESTABLISHED -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="1">-p tcp --sport 21022 -m state --state ESTABLISHED -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="5">-p icmp -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="6">-p udp --dport 53 -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="8">-p tcp --dport 80 -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="9">-p tcp --dport 443 -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="12">-p udp --dport 123 -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="56">-p tcp --dport 5665 -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="67">-p udp --dport 67:68 -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="69">-m state --state ESTABLISHED,RELATED -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="99">-j DROP</rule><br />
</direct></nowiki><br />
<br />
Show all direct rules (/etc/firewalld/direct.xml):<br><br />
<code>firewall-cmd --get-all-rules --direct</code><br />
<br />
== Clear root Password / disable root login ==<br />
-d --delete: delete user's password<br><br />
-l --lock: lock user's password<br><br />
<code># passwd -dl root</code><br />
<br />
== Start new git project ==<br />
Create blank repo without README.md<br><br />
Run ansible-init script (cs)<br><br />
<br />
== Monitoring ==<br />
icinga-Server verbindet sich zum Agent über Port 5665.<br><br />
Bei Wartungen Downtime erstellen.<br><br />
<br />
== Wartung ==<br />
Snapshots nach 1w löschen.<br />
<br />
== upremote ==<br />
$HOME/scripts<br><br />
$HOME/log</div>
Xbl
http://wiki.6bit.ch/index.php?title=Very_Windy&diff=311
Very Windy
2026-02-18T10:52:50Z
<p>Xbl: /* Start new git project */</p>
<hr />
<div>= lvm procedure =<br />
<nowiki>Die VM-Disk /dev/sda wurde vergrössert<br />
1. Ist Zustand prüfen<br />
lsblk<br />
2. Disk "sda" neu einlesen<br />
echo 1 > /sys/block/sda/device/rescan<br />
3. Partition vergrössern<br />
growpart /dev/sda 3<br />
4. PV überprüfen<br />
pvs<br />
4a. allenfalls physical volume vergrössern<br />
pvresize /dev/sda3<br />
5. VG überprüfen<br />
vgs<br />
6. LV vergrössern und Filesystem vergrössern<br />
lvresize -rL+50G /dev/mapper/system-docker<br />
lvextend -rl +100%FREE /dev/mapper/vm208-root</nowiki><br />
<br />
== git ==<br />
<code>git submodule update --init</code> Submodule laden<br><br />
<code>git submodule update --init --recursive</code> Submodule laden<br><br />
<code>git submodule update --remote</code> Submodule aktualisieren<br><br />
<br />
== openssl ==<br />
Check CSR:<br><br />
<code>openssl req -in sample.csr -noout -text</code><br><br />
<br><br />
Bash to check private key against certificate (checkssl.sh):<br />
<nowiki>cn=files/reverseproxies/etc/haproxy/certs/www.sexybit.sh<br />
crt="${cn:?Common Name fuer Key und Cert nicht angegebe...}.crt"<br />
key="$cn.key"<br />
<br />
crtmd5=$( openssl x509 -noout -modulus -in "$crt" | openssl md5 ) ; \<br />
keymd5=$( openssl rsa -noout -modulus -in "$key" | openssl md5 ) ; \<br />
\<br />
echo "crt: $crtmd5" ; echo "key: $keymd5" ; printf "Dateien: \"$crt\" & \"$key\" -- " ; \<br />
[ "$crtmd5" = "$keymd5" ] && echo "passen zusammen :)" || echo "passen NICHT zusammen :("<br />
</nowiki><br />
<br />
== ansible ==<br />
<code>ansible-playbook -C -D playbooks/all.yml -u $USER -t nginx</code> -C (check, dry run), -D (diff, show differences) -u <remote user> -t <tags><br><br />
Tags let you run only specific tagged tasks in a playbook instead of executing everything. Multiple tags can be comma-separated.<br><br />
Tags can be skipped with <code>--skip-tags <tags></code><br><br />
Tasks tagged 'always' will run no matter what tags are selected.<br><br />
Tasks tagged 'never' only run if explicitly requested with <code>-t never</code><br><br />
<br />
== ln ==<br />
<code>ln -s ../files</code><br />
<br />
== curl ==<br />
<code>curl -vvv</code> verbose verbose verbose<br><br />
<code>curl -v --resolve windy.verywindy.ch:443:192.168.161.1 https://windy.verywindy.ch</code> check connection with hardcoded dns<br><br />
<code>curl -x sexybit.sh https://apod.nasa.gov</code> check connection with proxy<br><br />
<code>curl -L https://apod.nasa.gov</code> follow redirects<br />
<br />
== New Systems ==<br />
Size: 2CPU, 2G RAM, 40G Disk<br><br />
VG Name: system<br><br />
/: 10G<br><br />
Swap: 4G<br><br />
/var-log: 4G<br><br />
<br />
== IPTables / firewalld ==<br />
<nowiki><?xml version="1.0" encoding="utf-8"?><br />
<direct><br />
<rule ipv="ipv4" table="filter" chain="INPUT" priority="0">-p tcp --dport 22 -m state --state NEW,ESTABLISHED -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="INPUT" priority="1">-p tcp --dport 21022 -m state --state NEW,ESTABLISHED -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="INPUT" priority="5">-p icmp -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="INPUT" priority="8">-p udp --sport 53 -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="0">-p tcp --sport 22 -m state --state ESTABLISHED -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="1">-p tcp --sport 21022 -m state --state ESTABLISHED -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="5">-p icmp -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="6">-p udp --dport 53 -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="8">-p tcp --dport 80 -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="9">-p tcp --dport 443 -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="12">-p udp --dport 123 -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="56">-p tcp --dport 5665 -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="67">-p udp --dport 67:68 -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="69">-m state --state ESTABLISHED,RELATED -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="99">-j DROP</rule><br />
</direct></nowiki><br />
<br />
Show all direct rules (/etc/firewalld/direct.xml):<br><br />
<code>firewall-cmd --get-all-rules --direct</code><br />
<br />
== Clear root Password / disable root login ==<br />
-d --delete: delete user's password<br><br />
-l --lock: lock user's password<br><br />
<code># passwd -dl root</code><br />
<br />
== Start new git project ==<br />
Create blank repo without README.md<br><br />
Run ansible-init script (cs)<br><br />
<br />
== Monitoring ==<br />
icinga-Server verbindet sich zum Agent über Port 5665.<br><br />
Bei Wartungen Downtime erstellen.<br><br />
<br />
== Wartung ==<br />
Snapshots nach 1w löschen.</div>
Xbl
http://wiki.6bit.ch/index.php?title=Very_Windy&diff=310
Very Windy
2026-02-18T10:11:50Z
<p>Xbl: /* curl */</p>
<hr />
<div>= lvm procedure =<br />
<nowiki>Die VM-Disk /dev/sda wurde vergrössert<br />
1. Ist Zustand prüfen<br />
lsblk<br />
2. Disk "sda" neu einlesen<br />
echo 1 > /sys/block/sda/device/rescan<br />
3. Partition vergrössern<br />
growpart /dev/sda 3<br />
4. PV überprüfen<br />
pvs<br />
4a. allenfalls physical volume vergrössern<br />
pvresize /dev/sda3<br />
5. VG überprüfen<br />
vgs<br />
6. LV vergrössern und Filesystem vergrössern<br />
lvresize -rL+50G /dev/mapper/system-docker<br />
lvextend -rl +100%FREE /dev/mapper/vm208-root</nowiki><br />
<br />
== git ==<br />
<code>git submodule update --init</code> Submodule laden<br><br />
<code>git submodule update --init --recursive</code> Submodule laden<br><br />
<code>git submodule update --remote</code> Submodule aktualisieren<br><br />
<br />
== openssl ==<br />
Check CSR:<br><br />
<code>openssl req -in sample.csr -noout -text</code><br><br />
<br><br />
Bash to check private key against certificate (checkssl.sh):<br />
<nowiki>cn=files/reverseproxies/etc/haproxy/certs/www.sexybit.sh<br />
crt="${cn:?Common Name fuer Key und Cert nicht angegebe...}.crt"<br />
key="$cn.key"<br />
<br />
crtmd5=$( openssl x509 -noout -modulus -in "$crt" | openssl md5 ) ; \<br />
keymd5=$( openssl rsa -noout -modulus -in "$key" | openssl md5 ) ; \<br />
\<br />
echo "crt: $crtmd5" ; echo "key: $keymd5" ; printf "Dateien: \"$crt\" & \"$key\" -- " ; \<br />
[ "$crtmd5" = "$keymd5" ] && echo "passen zusammen :)" || echo "passen NICHT zusammen :("<br />
</nowiki><br />
<br />
== ansible ==<br />
<code>ansible-playbook -C -D playbooks/all.yml -u $USER -t nginx</code> -C (check, dry run), -D (diff, show differences) -u <remote user> -t <tags><br><br />
Tags let you run only specific tagged tasks in a playbook instead of executing everything. Multiple tags can be comma-separated.<br><br />
Tags can be skipped with <code>--skip-tags <tags></code><br><br />
Tasks tagged 'always' will run no matter what tags are selected.<br><br />
Tasks tagged 'never' only run if explicitly requested with <code>-t never</code><br><br />
<br />
== ln ==<br />
<code>ln -s ../files</code><br />
<br />
== curl ==<br />
<code>curl -vvv</code> verbose verbose verbose<br><br />
<code>curl -v --resolve windy.verywindy.ch:443:192.168.161.1 https://windy.verywindy.ch</code> check connection with hardcoded dns<br><br />
<code>curl -x sexybit.sh https://apod.nasa.gov</code> check connection with proxy<br><br />
<code>curl -L https://apod.nasa.gov</code> follow redirects<br />
<br />
== New Systems ==<br />
Size: 2CPU, 2G RAM, 40G Disk<br><br />
VG Name: system<br><br />
/: 10G<br><br />
Swap: 4G<br><br />
/var-log: 4G<br><br />
<br />
== IPTables / firewalld ==<br />
<nowiki><?xml version="1.0" encoding="utf-8"?><br />
<direct><br />
<rule ipv="ipv4" table="filter" chain="INPUT" priority="0">-p tcp --dport 22 -m state --state NEW,ESTABLISHED -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="INPUT" priority="1">-p tcp --dport 21022 -m state --state NEW,ESTABLISHED -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="INPUT" priority="5">-p icmp -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="INPUT" priority="8">-p udp --sport 53 -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="0">-p tcp --sport 22 -m state --state ESTABLISHED -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="1">-p tcp --sport 21022 -m state --state ESTABLISHED -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="5">-p icmp -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="6">-p udp --dport 53 -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="8">-p tcp --dport 80 -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="9">-p tcp --dport 443 -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="12">-p udp --dport 123 -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="56">-p tcp --dport 5665 -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="67">-p udp --dport 67:68 -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="69">-m state --state ESTABLISHED,RELATED -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="99">-j DROP</rule><br />
</direct></nowiki><br />
<br />
Show all direct rules (/etc/firewalld/direct.xml):<br><br />
<code>firewall-cmd --get-all-rules --direct</code><br />
<br />
== Clear root Password / disable root login ==<br />
-d --delete: delete user's password<br><br />
-l --lock: lock user's password<br><br />
<code># passwd -dl root</code><br />
<br />
== Start new git project ==<br />
Create blank repo without README.md<br><br />
Run ansible-init script<br><br />
<br />
== Monitoring ==<br />
icinga-Server verbindet sich zum Agent über Port 5665.<br><br />
Bei Wartungen Downtime erstellen.<br><br />
<br />
== Wartung ==<br />
Snapshots nach 1w löschen.</div>
Xbl
http://wiki.6bit.ch/index.php?title=Very_Windy&diff=309
Very Windy
2026-02-18T10:10:22Z
<p>Xbl: /* Monitoring */</p>
<hr />
<div>= lvm procedure =<br />
<nowiki>Die VM-Disk /dev/sda wurde vergrössert<br />
1. Ist Zustand prüfen<br />
lsblk<br />
2. Disk "sda" neu einlesen<br />
echo 1 > /sys/block/sda/device/rescan<br />
3. Partition vergrössern<br />
growpart /dev/sda 3<br />
4. PV überprüfen<br />
pvs<br />
4a. allenfalls physical volume vergrössern<br />
pvresize /dev/sda3<br />
5. VG überprüfen<br />
vgs<br />
6. LV vergrössern und Filesystem vergrössern<br />
lvresize -rL+50G /dev/mapper/system-docker<br />
lvextend -rl +100%FREE /dev/mapper/vm208-root</nowiki><br />
<br />
== git ==<br />
<code>git submodule update --init</code> Submodule laden<br><br />
<code>git submodule update --init --recursive</code> Submodule laden<br><br />
<code>git submodule update --remote</code> Submodule aktualisieren<br><br />
<br />
== openssl ==<br />
Check CSR:<br><br />
<code>openssl req -in sample.csr -noout -text</code><br><br />
<br><br />
Bash to check private key against certificate (checkssl.sh):<br />
<nowiki>cn=files/reverseproxies/etc/haproxy/certs/www.sexybit.sh<br />
crt="${cn:?Common Name fuer Key und Cert nicht angegebe...}.crt"<br />
key="$cn.key"<br />
<br />
crtmd5=$( openssl x509 -noout -modulus -in "$crt" | openssl md5 ) ; \<br />
keymd5=$( openssl rsa -noout -modulus -in "$key" | openssl md5 ) ; \<br />
\<br />
echo "crt: $crtmd5" ; echo "key: $keymd5" ; printf "Dateien: \"$crt\" & \"$key\" -- " ; \<br />
[ "$crtmd5" = "$keymd5" ] && echo "passen zusammen :)" || echo "passen NICHT zusammen :("<br />
</nowiki><br />
<br />
== ansible ==<br />
<code>ansible-playbook -C -D playbooks/all.yml -u $USER -t nginx</code> -C (check, dry run), -D (diff, show differences) -u <remote user> -t <tags><br><br />
Tags let you run only specific tagged tasks in a playbook instead of executing everything. Multiple tags can be comma-separated.<br><br />
Tags can be skipped with <code>--skip-tags <tags></code><br><br />
Tasks tagged 'always' will run no matter what tags are selected.<br><br />
Tasks tagged 'never' only run if explicitly requested with <code>-t never</code><br><br />
<br />
== ln ==<br />
<code>ln -s ../files</code><br />
<br />
== curl ==<br />
<code>curl -v --resolve windy.verywindy.ch:443:192.168.161.1 https://windy.verywindy.ch</code> check connection with hardcoded dns<br><br />
<code>curl -x sexybit.sh https://apod.nasa.gov</code> check connection with proxy<br><br />
<code>curl -L https://apod.nasa.gov</code> follow redirects<br />
<br />
== New Systems ==<br />
Size: 2CPU, 2G RAM, 40G Disk<br><br />
VG Name: system<br><br />
/: 10G<br><br />
Swap: 4G<br><br />
/var-log: 4G<br><br />
<br />
== IPTables / firewalld ==<br />
<nowiki><?xml version="1.0" encoding="utf-8"?><br />
<direct><br />
<rule ipv="ipv4" table="filter" chain="INPUT" priority="0">-p tcp --dport 22 -m state --state NEW,ESTABLISHED -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="INPUT" priority="1">-p tcp --dport 21022 -m state --state NEW,ESTABLISHED -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="INPUT" priority="5">-p icmp -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="INPUT" priority="8">-p udp --sport 53 -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="0">-p tcp --sport 22 -m state --state ESTABLISHED -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="1">-p tcp --sport 21022 -m state --state ESTABLISHED -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="5">-p icmp -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="6">-p udp --dport 53 -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="8">-p tcp --dport 80 -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="9">-p tcp --dport 443 -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="12">-p udp --dport 123 -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="56">-p tcp --dport 5665 -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="67">-p udp --dport 67:68 -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="69">-m state --state ESTABLISHED,RELATED -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="99">-j DROP</rule><br />
</direct></nowiki><br />
<br />
Show all direct rules (/etc/firewalld/direct.xml):<br><br />
<code>firewall-cmd --get-all-rules --direct</code><br />
<br />
== Clear root Password / disable root login ==<br />
-d --delete: delete user's password<br><br />
-l --lock: lock user's password<br><br />
<code># passwd -dl root</code><br />
<br />
== Start new git project ==<br />
Create blank repo without README.md<br><br />
Run ansible-init script<br><br />
<br />
== Monitoring ==<br />
icinga-Server verbindet sich zum Agent über Port 5665.<br><br />
Bei Wartungen Downtime erstellen.<br><br />
<br />
== Wartung ==<br />
Snapshots nach 1w löschen.</div>
Xbl
http://wiki.6bit.ch/index.php?title=Very_Windy&diff=308
Very Windy
2026-02-18T10:08:56Z
<p>Xbl: </p>
<hr />
<div>= lvm procedure =<br />
<nowiki>Die VM-Disk /dev/sda wurde vergrössert<br />
1. Ist Zustand prüfen<br />
lsblk<br />
2. Disk "sda" neu einlesen<br />
echo 1 > /sys/block/sda/device/rescan<br />
3. Partition vergrössern<br />
growpart /dev/sda 3<br />
4. PV überprüfen<br />
pvs<br />
4a. allenfalls physical volume vergrössern<br />
pvresize /dev/sda3<br />
5. VG überprüfen<br />
vgs<br />
6. LV vergrössern und Filesystem vergrössern<br />
lvresize -rL+50G /dev/mapper/system-docker<br />
lvextend -rl +100%FREE /dev/mapper/vm208-root</nowiki><br />
<br />
== git ==<br />
<code>git submodule update --init</code> Submodule laden<br><br />
<code>git submodule update --init --recursive</code> Submodule laden<br><br />
<code>git submodule update --remote</code> Submodule aktualisieren<br><br />
<br />
== openssl ==<br />
Check CSR:<br><br />
<code>openssl req -in sample.csr -noout -text</code><br><br />
<br><br />
Bash to check private key against certificate (checkssl.sh):<br />
<nowiki>cn=files/reverseproxies/etc/haproxy/certs/www.sexybit.sh<br />
crt="${cn:?Common Name fuer Key und Cert nicht angegebe...}.crt"<br />
key="$cn.key"<br />
<br />
crtmd5=$( openssl x509 -noout -modulus -in "$crt" | openssl md5 ) ; \<br />
keymd5=$( openssl rsa -noout -modulus -in "$key" | openssl md5 ) ; \<br />
\<br />
echo "crt: $crtmd5" ; echo "key: $keymd5" ; printf "Dateien: \"$crt\" & \"$key\" -- " ; \<br />
[ "$crtmd5" = "$keymd5" ] && echo "passen zusammen :)" || echo "passen NICHT zusammen :("<br />
</nowiki><br />
<br />
== ansible ==<br />
<code>ansible-playbook -C -D playbooks/all.yml -u $USER -t nginx</code> -C (check, dry run), -D (diff, show differences) -u <remote user> -t <tags><br><br />
Tags let you run only specific tagged tasks in a playbook instead of executing everything. Multiple tags can be comma-separated.<br><br />
Tags can be skipped with <code>--skip-tags <tags></code><br><br />
Tasks tagged 'always' will run no matter what tags are selected.<br><br />
Tasks tagged 'never' only run if explicitly requested with <code>-t never</code><br><br />
<br />
== ln ==<br />
<code>ln -s ../files</code><br />
<br />
== curl ==<br />
<code>curl -v --resolve windy.verywindy.ch:443:192.168.161.1 https://windy.verywindy.ch</code> check connection with hardcoded dns<br><br />
<code>curl -x sexybit.sh https://apod.nasa.gov</code> check connection with proxy<br><br />
<code>curl -L https://apod.nasa.gov</code> follow redirects<br />
<br />
== New Systems ==<br />
Size: 2CPU, 2G RAM, 40G Disk<br><br />
VG Name: system<br><br />
/: 10G<br><br />
Swap: 4G<br><br />
/var-log: 4G<br><br />
<br />
== IPTables / firewalld ==<br />
<nowiki><?xml version="1.0" encoding="utf-8"?><br />
<direct><br />
<rule ipv="ipv4" table="filter" chain="INPUT" priority="0">-p tcp --dport 22 -m state --state NEW,ESTABLISHED -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="INPUT" priority="1">-p tcp --dport 21022 -m state --state NEW,ESTABLISHED -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="INPUT" priority="5">-p icmp -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="INPUT" priority="8">-p udp --sport 53 -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="0">-p tcp --sport 22 -m state --state ESTABLISHED -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="1">-p tcp --sport 21022 -m state --state ESTABLISHED -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="5">-p icmp -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="6">-p udp --dport 53 -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="8">-p tcp --dport 80 -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="9">-p tcp --dport 443 -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="12">-p udp --dport 123 -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="56">-p tcp --dport 5665 -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="67">-p udp --dport 67:68 -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="69">-m state --state ESTABLISHED,RELATED -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="99">-j DROP</rule><br />
</direct></nowiki><br />
<br />
Show all direct rules (/etc/firewalld/direct.xml):<br><br />
<code>firewall-cmd --get-all-rules --direct</code><br />
<br />
== Clear root Password / disable root login ==<br />
-d --delete: delete user's password<br><br />
-l --lock: lock user's password<br><br />
<code># passwd -dl root</code><br />
<br />
== Start new git project ==<br />
Create blank repo without README.md<br><br />
Run ansible-init script<br><br />
<br />
== Monitoring ==<br />
icinga-Server verbindet sich zum Agent über Port 5665.<br />
<br />
Bei Wartungen Downtime erstellen.</div>
Xbl
http://wiki.6bit.ch/index.php?title=Very_Windy&diff=307
Very Windy
2026-02-18T10:07:13Z
<p>Xbl: /* openssl */</p>
<hr />
<div>= lvm procedure =<br />
<nowiki>Die VM-Disk /dev/sda wurde vergrössert<br />
1. Ist Zustand prüfen<br />
lsblk<br />
2. Disk "sda" neu einlesen<br />
echo 1 > /sys/block/sda/device/rescan<br />
3. Partition vergrössern<br />
growpart /dev/sda 3<br />
4. PV überprüfen<br />
pvs<br />
4a. allenfalls physical volume vergrössern<br />
pvresize /dev/sda3<br />
5. VG überprüfen<br />
vgs<br />
6. LV vergrössern und Filesystem vergrössern<br />
lvresize -rL+50G /dev/mapper/system-docker<br />
lvextend -rl +100%FREE /dev/mapper/vm208-root</nowiki><br />
<br />
== git ==<br />
<code>git submodule update --init</code> Submodule laden<br><br />
<code>git submodule update --init --recursive</code> Submodule laden<br><br />
<code>git submodule update --remote</code> Submodule aktualisieren<br><br />
<br />
== openssl ==<br />
Check CSR:<br><br />
<code>openssl req -in sample.csr -noout -text</code><br><br />
Bash to check private key against certificate:<br />
<nowiki>cn=files/reverseproxies/etc/haproxy/certs/www.sexybit.sh<br />
crt="${cn:?Common Name fuer Key und Cert nicht angegebe...}.crt"<br />
key="$cn.key"<br />
<br />
crtmd5=$( openssl x509 -noout -modulus -in "$crt" | openssl md5 ) ; \<br />
keymd5=$( openssl rsa -noout -modulus -in "$key" | openssl md5 ) ; \<br />
\<br />
echo "crt: $crtmd5" ; echo "key: $keymd5" ; printf "Dateien: \"$crt\" & \"$key\" -- " ; \<br />
[ "$crtmd5" = "$keymd5" ] && echo "passen zusammen :)" || echo "passen NICHT zusammen :("<br />
<nowiki><br />
<br />
== ansible ==<br />
<code>ansible-playbook -C -D playbooks/all.yml -u $USER -t nginx</code> -C (check, dry run), -D (diff, show differences) -u <remote user> -t <tags><br><br />
Tags let you run only specific tagged tasks in a playbook instead of executing everything. Multiple tags can be comma-separated.<br><br />
Tags can be skipped with <code>--skip-tags <tags></code><br><br />
Tasks tagged 'always' will run no matter what tags are selected.<br><br />
Tasks tagged 'never' only run if explicitly requested with <code>-t never</code><br><br />
<br />
== ln ==<br />
<code>ln -s ../files</code><br />
<br />
== curl ==<br />
<code>curl -v --resolve windy.verywindy.ch:443:192.168.161.1 https://windy.verywindy.ch</code> check connection with hardcoded dns<br><br />
<code>curl -x sexybit.sh https://apod.nasa.gov</code> check connection with proxy<br><br />
<code>curl -L https://apod.nasa.gov</code> follow redirects<br />
<br />
== New Systems ==<br />
Size: 2CPU, 2G RAM, 40G Disk<br><br />
VG Name: system<br><br />
/: 10G<br><br />
Swap: 4G<br><br />
/var-log: 4G<br><br />
<br />
== IPTables / firewalld ==<br />
<nowiki><?xml version="1.0" encoding="utf-8"?><br />
<direct><br />
<rule ipv="ipv4" table="filter" chain="INPUT" priority="0">-p tcp --dport 22 -m state --state NEW,ESTABLISHED -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="INPUT" priority="1">-p tcp --dport 21022 -m state --state NEW,ESTABLISHED -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="INPUT" priority="5">-p icmp -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="INPUT" priority="8">-p udp --sport 53 -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="0">-p tcp --sport 22 -m state --state ESTABLISHED -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="1">-p tcp --sport 21022 -m state --state ESTABLISHED -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="5">-p icmp -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="6">-p udp --dport 53 -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="8">-p tcp --dport 80 -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="9">-p tcp --dport 443 -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="12">-p udp --dport 123 -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="56">-p tcp --dport 5665 -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="67">-p udp --dport 67:68 -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="69">-m state --state ESTABLISHED,RELATED -j ACCEPT</rule><br />
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="99">-j DROP</rule><br />
</direct></nowiki><br />
<br />
Show all direct rules (/etc/firewalld/direct.xml):<br><br />
<code>firewall-cmd --get-all-rules --direct</code><br />
<br />
== Clear root Password / disable root login ==<br />
-d --delete: delete user's password<br><br />
-l --lock: lock user's password<br><br />
<code># passwd -dl root</code><br />
<br />
== Start new git project ==<br />
Create blank repo without README.md<br><br />
Run ansible-init script<br><br />
<br />
== Monitoring ==<br />
icinga-Server verbindet sich zum Agent über Port 5665.<br />
<br />
Bei Wartungen Downtime erstellen.</div>
Xbl