* - grimoire - dark wiki & knowledge base
(HTM) git clone git@git.drkhsh.at/codex.git
---
(DIR) commit ad7d44d1839926d10fcda9b2d5fc95aba6502afa
(DIR) parent 3f9f05746337133363ad635af48afc66df990c2c
(HTM) Author: drkhsh <me@drkhsh.at>
Date: Fri, 25 Jul 2025 01:02:50 +0200
*
Diffstat:
A media/headers/home.jpg | 0
A media/headers/knowledge.jpg | 0
A media/headers/satansim.jpg | 0
M src/database/glossary.ndtl | 4 ++++
M src/database/journal.tbtl | 1 +
M src/database/lexicon.ndtl | 743 ++++++++++++++++++++++++++++++-
A src/inc/text/kubernetes/flux-syste… | 23 +++++++++++++++++++++++
A src/inc/text/kubernetes/storage-ex… | 1 +
A src/inc/text/needrestart.txt | 6 ++++++
A src/inc/text/ssh-gotify-wl.txt | 15 +++++++++++++++
A src/inc/text/ssh-gotify.txt | 13 +++++++++++++
11 files changed, 805 insertions(+), 1 deletion(-)
---
(DIR) diff --git a/media/headers/home.jpg b/media/headers/home.jpg
Binary files differ.
(DIR) diff --git a/media/headers/knowledge.jpg b/media/headers/knowledge.jpg
Binary files differ.
(DIR) diff --git a/media/headers/satansim.jpg b/media/headers/satansim.jpg
Binary files differ.
(DIR) diff --git a/src/database/glossary.ndtl b/src/database/glossary.ndtl
@@ -2,3 +2,7 @@
; https://wiki.xxiivv.com/site/indental.html
; Dictionaries
+
+BLOG LINKS
+ Drew Devault : https://drewdevault.com
+ Stanley Lieber : http://stanleylieber.com
(DIR) diff --git a/src/database/journal.tbtl b/src/database/journal.tbtl
@@ -1,3 +1,4 @@
; The horaire is a collection of logs.
; https://wiki.xxiivv.com/site/tablatal.html
;DATE CODE HOST PIC NAME
+15N07 -137 knowledge Stuff
(DIR) diff --git a/src/database/lexicon.ndtl b/src/database/lexicon.ndtl
@@ -49,6 +49,298 @@ VIRTUALIZATION
HOST : practice
BREF : vms, containers etc.
TYPE : text_portal
+KUBERNETES
+ HOST : virtualization
+ BREF : stuff
+ TYPE : text_portal
+ BODY
+ ## install
+
+ ```
+ # curl -sfL https://get.k3s.io | sh -
+ ```
+
+ ### add nodes
+
+ ```
+ curl -sfL https://get.k3s.io | K3S_URL=https://myserver:6443 K3S_TOKEN=mynodetoken sh -
+ ```
+
+ token is in `/var/lib/rancher/k3s/server/node-token`
+
+ ## helm
+
+ ```
+ $ curl -fsSL -o get_helm.sh https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3
+ $ chmod 700 get_helm.sh
+ $ ./get_helm.sh
+ ```
+
+ add prometheus community repo:
+
+ ```
+ $ helm repo add prometheus-community https://prometheus-community.github.io/helm-charts
+ $ helm repo update
+ ```
+
+ ## remove traefik
+
+ ```
+ $ rm -rf /var/lib/rancher/k3s/server/manifests/traefik.yaml
+ $ helm uninstall traefik traefik-crd -n kube-system
+ $ systemctl restart k3s
+ ```
+
+ (will be uninstalled & not reinstalled at restart)
+
+ ## tools
+
+ ### k9s
+
+ download from [here](https://github.com/derailed/k9s/releases).
+
+ ## flux cd
+
+ ### delete flux-system namespace
+
+ {^text kubernetes/flux-system-delete}
+
+ ## patch storageclass for expansion
+
+ {^text kubernetes/storage-expansion}
+
+ ## monitoring
+
+ #### kube-state-metrics
+
+ ```
+ helm install kube-state-metrics prometheus-community/kube-state-metrics -n kube-system
+ ```
+
+ expose as service:
+
+ ```
+ kind: Service
+ apiVersion: v1
+ metadata:
+ namespace: kube-system
+ name: kube-state-metrics-service
+ spec:
+ selector:
+ app.kubernetes.io/name: kube-state-metrics
+ ports:
+ - protocol: TCP
+ port: 8080
+ targetPort: 8080
+ nodePort: 30000
+ type: NodePort
+ ```
+
+ #### dashboard
+
+ see [here](https://github.com/dotdc/grafana-dashboards-kubernetes)
+PROXMOX
+ HOST : virtualization
+ BREF : stuff
+ TYPE : text_portal
+ BODY
+ ## Fix needrestart behaviour
+
+ {^text needrestart}
+
+ ## Move from LVM to ZFS
+
+ - vm -> online migration works
+ - ct -> thorugh cli - move to same storage format on target
+ - then move storage to zfs
+
+ ## Fulldisk encryption with Proxmox and ZFS native encryption
+
+ Install normally using the installer, after the setup reboot into recovery mode (from the USB stick).
+
+ ```
+ # Import the old pool
+ zpool import -f rpool
+
+ # Make a snapshot of the current one
+ zfs snapshot -r rpool/ROOT@copy
+
+ # Send the snapshot to a temporary root
+ zfs send -R rpool/ROOT@copy | zfs receive rpool/copyroot
+
+ # Destroy the old unencrypted root
+ zfs destroy -r rpool/ROOT
+
+ # Create a new zfs root, with encryption turned on
+ # OR -o encryption=aes-256-gcm - aes-256-ccm vs aes-256-gcm
+ zfs create -o encryption=on -o keyformat=passphrase rpool/ROOT
+
+ # Copy the files from the copy to the new encrypted zfs root
+ zfs send -R rpool/copyroot/pve-1@copy | zfs receive -o encryption=on rpool/ROOT/pve-1
+
+ # Set the mountpoint
+ zfs set mountpoint=/ rpool/ROOT/pve-1
+
+ # Delete the old unencrypted copy
+ zfs destroy -r rpool/copyroot
+
+ # Export the pool again, so you can boot from it
+ zpool export rpool
+ ```
+
+ If you want, turn compression and other ZFS features on afterwards.
+
+ Helpful commands:
+
+ ```
+ # list all mounts
+ zfs list
+
+ # Check which ZFS pools are encrypted
+ zfs get encryption
+
+ # Mount everything
+ zfs mount -l -a
+
+ # Show status and devices
+ zpool list
+ ```
+
+ > [!WARNING]
+ > Watch out, remove all **unencrypted** snapshots and datasets after you done!
+
+ ## Setting up a Corosync Qdevice on a Raspberry Pi
+
+ On the raspi (or similar):
+
+ ```
+ # apt install corosync-qnetd
+
+ # nano /etc/ssh/sshd_config
+ PermitRootLogin yes
+ sudo systemctl restart ssh
+ ```
+
+ On all the Proxmox nodes:
+
+ ```
+ # apt install corosync-qdevice
+
+ # pvecm qdevice setup <qdevice_ip_address>
+ # pvecm status
+ ```
+
+ ## Reinstall nodes
+
+ - ssh host keys should be kept, especially with same node name
+ - ssh keys and authorized_keys in `/root/.ssh`
+ - re-create qdevice afterwards!
+
+ ## Generic PBS backup script
+
+ First, generate key:
+
+ ```
+ proxmox-backup-client key create my-backup.key
+ Encryption Key Password: **************
+ ```
+
+ The key is password protected by default. If you do not need this extra protection, you can also create it without a password:
+
+ ```
+ proxmox-backup-client key create /path/to/my-backup.key --kdf none
+ ```
+
+ /usr/local/bin/pbs_backup.sh:
+
+ ```
+ #!/bin/bash
+
+ export PBS_REPOSITORY=user@pbs@pbs:datastore
+ export PBS_PASSWORD=XXX
+ export PBS_ENCRYPTION_PASSWORD='XXX'
+ export PBS_FINGERPRINT="XXX"
+
+ apt clean cache
+ proxmox-backup-client backup root.pxar:/ --keyfile /root/.config/proxmox-backup/encryption-key.json --all-file-systems <true/false>
+ ```
+
+ ## change PVE cluster IP addresses
+
+ ```
+ # Stop the cluster services
+ systemctl stop pve-cluster
+ systemctl stop corosync
+
+ # Mount the filesystem locally
+ pmxcfs -l
+
+ # Edit the network interfaces file to have the new IP information
+ # Be sure to replace both the address and gateway
+ vi /etc/network/interfaces
+
+ # Replace any host entries with the new IP addresses
+ vi /etc/hosts
+
+ # Change the DNS server as necessary
+ vi /etc/resolv.conf
+
+ # Edit the corosync file and replace the old IPs with the new IPs for all hosts
+ # :%s/192\.168\.1\./192.168.2./g <- vi command to replace all instances
+ # BE SURE TO INCREMENT THE config_version: x LINE BY ONE TO ENSURE THE CONFIG IS NOT OVERWRITTEN
+ vi /etc/pve/corosync.conf
+
+ # Edit the known hosts file to have the correct IPs
+ # :%s/192\.168\.1\./192.168.2./g <- vi command to replace all instances
+ /etc/pve/priv/known_hosts
+
+ # If using ceph, edit the ceph configuration file to reflect the new network
+ # (thanks u/FortunatelyLethal)
+ # :%s/192\.168\.1\./192.168.2./g <- vi command to replace all instances
+ vi /etc/ceph/ceph.conf
+
+ # If you want to be granular... fix the IP in /etc/issue
+ vi /etc/issue
+
+ # Verify there aren't any stragglers with the old IP hanging around
+ cd /etc
+ grep -R '192\.168\.1\.' *
+ cd /var
+ grep -R '192\.168\.1\.' *
+
+ # Reboot the system to cleanly restart all the networking and services
+ reboot
+
+ # Referenced pages:
+ # - https://forum.proxmox.com/threads/change-cluster-nodes-ip-addresses.33406/
+ # - https://pve.proxmox.com/wiki/Cluster_Manager#_remove_a_cluster_node
+ ```
+
+ https://bookstack.dismyserver.net/books/documentation/page/how-to-change-the-ip-address-of-a-proxmox-clustered-node
+
+ ## SSH remote unlock
+
+ ```
+ apt install dropbear-initramfs
+ ```
+
+ add ssh key to /etc/dropbear/initramfs/authorized_keys
+
+ in /etc/dropbear/initramfs/dropbear.conf
+
+ ```
+ DROPBEAR_OPTIONS="-j -k -c zfsunlock"
+ ```
+
+ ```
+ update-initramfs -u
+ ```
+
+ ## set EFI disk
+
+ ```
+ qm set 103 --efidisk0 rpool:vm-103-disk-0
+ ```
GIMP
HOST : tools
BREF : notes on gimp
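Review bot: In the "Setting up a Corosync Qdevice on a Raspberry Pi" block, `PermitRootLogin yes` is switched on for the Pi and the notes never switch it back. Add a step after `pvecm qdevice setup <qdevice_ip_address>` that restores the previous value (or sets `PermitRootLogin prohibit-password`) and restarts ssh, so root password login does not stay open on the quorum host. In the same hunk, /usr/local/bin/pbs_backup.sh carries `PBS_PASSWORD` and `PBS_ENCRYPTION_PASSWORD` inline with no note on file mode; say it should be root-only (for example `chmod 700`). The `/etc/pve/priv/known_hosts` line in the IP-change block is missing its `vi`, and "thorugh" should be "through".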
@@ -99,6 +391,424 @@ UNIX
TYPE : text_portal
BODY
stuff
+PLAN9
+ HOST : unix
+ BREF : stuff
+ TYPE : text_portal
+ BODY
+ ## Programs
+
+ Editor: sam, acme
+ Browser: mothra
+ PDF/Images: page
+ fshalt/reboot
+
+ ## Logs
+
+ /dev/kmesg is dmesg
+
+ ## Tab completion
+
+ *CTRL-F* instead of *Tab*
+
+ *CTRL-B* goes back to prompt
+
+ ## Text manipulation
+
+ - "Terminal" can be freely edited
+ - No clear, just remove
+ - No double quotes, see below
+ - Only single and backslash for escaping
+ - Use copy-paste
+ - /dev/text contains terminal contents
+ - cat /dev/text > transcript - `script` in unix
+ - > /dev/text - clear
+ - grep '^; ' /dev/text - history (with `;` as shell prompt)
+ - /dev/snarf contains clipboard
+ - /dev/cons can write to console
+
+ ## History
+
+ - `""` to repeat previous command
+ - `"` to print previous command
+
+ ## ACME
+
+ - *Dump* saves window arrangement
+ - acme -l acme.dump restores
+ - Left and middle-click to Cut
+ - Left and right-click to Paste
+ - Left and middle-click, then right-click to Snarf, or Copy.
+ - "Look" to search
+ - Right-click for next result
+ - "Zerox" will duplicate window
+ - "Sort" sorts columns by name
+ - "Get" opens dir
+ - Search and replace with "Edit" - Sam/ed syntax
+ - Right-click to plumb
+ - Blue square to resize/move windows/columns
+ - Middle click on scrollbar to jump
+
+ You can also right-click on the dark blue window square, to hide all the
+ column windows except that one, left-click on it to bring the windows back.
+ Left-clicking on the square will increase the window size a little, middle-clicking will maximize the window.
+
+
+ Edit = print current line number
+ Edit ,|sort -r reverse sort the file
+ Edit ,|grep -n . add line numbers
+ Edit ,s/^.*: //g remove line numbers
+ Edit s/^/ /g indent text
+ Edit s/^ //g unindent text
+ Edit s/^/#/g comment out lines of code
+ Edit s/^#//g uncomment lines of code
+ Edit ,|wc -c file word count
+ Edit ,|fmt nicely format the file
+ Edit ,|cb beautify C source code
+ Edit s/./-/g underline after copying a line
+ |tr A-Z a-z lowercase text
+ |tr a-z A-Z uppercase text
+ |tr a-zA-Z n-za-mN-ZA-M rot13 text
+
+ ## File management
+
+ No rmdir -> rm
+ No cp -r -> dircp
+
+ ## Fun stuff
+
+ grep ☺ /lib/keyboard
+
+ ## Add user
+
+ # add user to the file server
+
+ ; echo newuser bob >> /srv/hjfs.cmd
+ ; echo newuser upas +bob >> /srv/hjfs.cmd
+ ; echo newuser adm +bob >> /srv/hjfs.cmd
+ ; echo newuser sys +bob >> /srv/hjfs.cmd
+
+ # add user to the auth server
+
+ ; auth/keyfs
+ ; auth/changeuser bob
+ ; auth/enable bob
+
+ ## Add own face to faces
+
+ jpg -c myface.jpg | iconv -c m8 | resample -x 48 -y 48 > myface.1
+ jpg -c myface.jpg | resample -x 100 | crop -b 255 255 255 -i -30 | mug > face.1
+ /lib/faces/48x48x8/a/abc.1
+ /lib/faces/48x48x8/.dict
+ /lib/faces/.host...
+ man face, man faces
+
+ ## Email setup
+
+ add passwords to factotum (put into profile, not persistent)
+
+ ```
+ % echo 'key proto=pass service=imap server=imap.gmail.com \
+ user=email !password=☠' >/mnt/factotum/ctl
+ % echo 'key proto=pass service=imap server=mail.9lab.org \
+ user=user !password=☠' >/mnt/factotum/ctl
+ % echo 'key proto=pass service=imap server=imap.bytelabs.org \
+ user=user !password=☠' >/mnt/factotum/ctl
+ ```
+
+ ....
+ TODO
+
+ ## create new user
+
+ ```
+ % con -C /srv/hjfs.cmd
+ newuser USER
+ newuser sys +USER
+ newuser adm +USER
+ newuser upas +USER
+ newuser cron +USER
+ % auth/keyfs
+ % auth/changeuser USER
+ % auth/enable USER
+ ```
+
+ ## login using drawterm
+
+ ```
+ drawterm -a <authserver> -h <host>
+ ```
+
+ on first login:
+ run `/sys/lib/newuser`
+
+ ## proxmox fix
+
+ /etc/modprobe.d/kvm.conf:
+
+ ```
+ options kvm min_timer_period_us=10
+ ```
+OPENBSD
+ HOST : unix
+ BREF : stuff
+ TYPE : text_portal
+ BODY
+ ## install set after installation (attention!)
+
+ ```
+ # cd /tmp
+ # ftp https://ftp2.eu.openbsd.org/pub/OpenBSD/<VERSION>/<ARCH>/<SET>.tgz
+ # cd /
+ # tar xzvphf /tmp/<SET>.tgz
+ ```
+
+ ## rmeove set after installation (attention!)
+
+ ```
+ # cd /
+ # tar tzf /tmp/comp76.tgz | xargs rm
+ ```
+
+ ## auto_upgrade.conf / auto_install.conf
+
+ pack a bsd.rd with the conifg included:
+
+ ```
+ mkdir tmp
+ mv bsd.rd bsd.rd.gz
+ gunzip bsd.rd.gz
+ rdsetroot -dx bsd.rd root.fs
+ doas vnconfig vnd3 root.fs
+ doas mount /dev/vnd3a ./tmp
+ doas cp /auto_upgrade.conf tmp/
+ doas umount /dev/vnd3a
+ doas vnconfig -u vnd3
+ rdsetroot -d bsd.rd root.fs
+ gzip bsd.rd
+ mv bsd.rd.gz bsd.rd
+ ```
+
+ ```
+ Location of sets = disk
+ Pathname to the sets = /home/_sysupgrade/
+ Set name(s) = -xserv*
+ Set name(s) = done
+ Directory does not contain SHA256.sig. Continue without verification = yes
+ ```
+
+ ## OpenBSD: using snapshots
+
+ update to snapshot:
+
+ ```
+ sysupgrade -s
+ ```
+
+ update packages while on snapshot:
+
+ ```
+ pkg_add -D snapshot -u
+ ```
+
+ ## OpenBSD: ports
+
+ install package from local directory:
+
+ ```
+ pkg_add -D unsigned <name>
+ ```
+
+ ## Unbound
+
+ see also DNSSEC
+
+ ### loki & promtail
+
+ ```
+ # unbound to loki/promtail
+ !!unbound
+ *.* @localhost:516
+ !*
+ ```
+
+ ## OpenBSD: DNSSEC
+
+ ```
+ # ftp -o /var/unbound/etc/root.hints https://www.internic.net/domain/named.root
+ # unbound-anchor
+ ```
+
+ /var/unbound/etc/unbound.conf:
+
+ ```
+ root-hints: "/var/unbound/etc/root.hints"
+ auto-trust-anchor- "/var/unbound/db/root.key"
+ ```
+
+ /etc/monthly.local:
+
+ ```
+ next_part "Updating unbound root hints ..."
+ ftp -S do -o /tmp/root.hints https://www.internic.net/domain/named.root
+ if [ $? -eq 0 ]; then
+ mv -f /tmp/root.hints /var/unbound/db/root.hints
+ rcctl reload unbound
+ fi
+ ```
+
+ ```
+ # unbound-checkconf
+ # rcctl restart unbound
+ ```
+
+ ## qemu-ga with openbsd and proxmox
+
+ in the proxmox qemu config file for the vm (/etc/pve/qemu-server/.conf)
+
+ ```
+ agent: 1,type=isa
+ ```
+
+ type _ISA_ is important!
+
+ on the vm:
+
+ ```
+ doas pkg_add qemu-ga
+ doas rcctl set qemu_ga flags -m isa-serial -p /dev/cua01
+ ```
+
+ power off the vm and start it again.
+
+ ## loki
+
+ /etc/syslog.conf:
+
+ ```
+ # everything to loki
+ *.notice;auth,authpriv,cron,ftp,kern,lpr,mail,user.none @<syslog server>:514
+ auth,daemon,syslog,user.info;authpriv,kern.debug @<syslog server>:514
+ doas @<syslog server>:514
+ ```
+
+ ## OpenBSD: Suricata setup
+
+ /etc/daily.local:
+
+ ```
+ next_part "Updating suricata rulesets ..."
+ suricata-update
+ if [ $? -eq 0 ]; then
+ suricatasc -c reload-rules
+ fi
+ ```
+
+ /etc/syslog.conf:
+
+ ```
+ # suricata to loki/promtail
+ # & nprobe
+ !suricata
+ *.* @localhost:515
+ !!suricata
+ *.* @<nprobe>:9999
+ !*
+ ```
+
+ ## OpenBSD: periodic tasks
+
+ daily check for syspatches in `/etc/daily.local`:
+
+ ```
+ next_part "Checking for syspatches"
+ syspatch -c
+ ```
+
+ daily tls renewal checks in `/etc/daily.local`:
+
+ ```
+ next_part "Refreshing Let's Encrypt certificates"
+ acme-client drkhsh.at
+ if [ $? -eq 0 ]
+ then
+ rcctl reload relayd
+ rcctl reload dovecot
+ rcctl restart smtpd
+ fi
+ ```
+
+ monthly unbound root hint update in /etc/monthly.local:
+
+ ```
+ next_part "Updating unbound root hints ..."
+ ftp -S do -o /tmp/root.hints https://www.internic.net/domain/named.root
+ if [ $? -eq 0 ]; then
+ mv -f /tmp/root.hints /var/unbound/db/root.hints
+ rcctl reload unbound
+ fi
+ ```
+
+ daily suricata ruleset update in /etc/daily.local:
+
+ ```
+ next_part "Updating suricata rulesets ..."
+ suricata-update
+ if [ $? -eq 0 ]; then
+ suricatasc -c reload-rules
+ fi
+ ```
+
+ ## fart-init
+
+ for proxmox:
+
+ ```
+ vm_template# cd /usr/local/sbin
+ vm_template# ftp https://pub.drkhsh.at/dev/random/fart-init
+ vm_template# chmod 755 fart-init
+ vm_template# echo '/usr/local/sbin/fart-init 2>&1 | tee /var/log/fart-init.log' > /etc/rc.local
+ ```
+
+ create template, clone and reboot afterwards, vm should automatically be configured.
+
+ NOTE: passwords do not match due to differences between BSD and Linux
+
+ ## ssh-agent autostart on openbsd
+
+ autostart in _~/.profile_:
+
+ ```
+ if [ ! -S ~/.ssh/ssh_auth_sock ]; then
+ eval `ssh-agent`
+ ln -sf "$SSH_AUTH_SOCK" ~/.ssh/ssh_auth_sock
+ fi
+ export SSH_AUTH_SOCK=~/.ssh/ssh_auth_sock
+ ssh-add -l > /dev/null || ssh-add
+ ```
+
+ to unload and kill on logout (prevents stale entries):
+
+ _~/.profile_:
+
+ ```
+ trap 'test -n "$SSH_AUTH_SOCK" && ssh-add -D && ssh-agent -k; rm $HOME/.ssh/ssh_auth_sock; exit 0' 0
+ ```
+
+ ## remote logging
+
+ set `-h` on openbsd syslogd for remote logging, to correctly set hostname etc.
+
+ for local buffers (in memory logging), see following example:
+
+ ```
+ *.notice;auth,authpriv,cron,ftp,kern,lpr,mail,user.none :256:messages
+ kern.debug;syslog,user.info :256:messages
+ auth.info,authpriv.debug :256:auth
+ cron.info :256:cron
+ daemon.info :256:daemon
+ mail.info :256:mail
+ ```
NETWORK
HOST : practice
BREF : networking stuff
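Review bot: In the "OpenBSD: DNSSEC" section the unbound.conf snippet has `auto-trust-anchor- "/var/unbound/db/root.key"`, which is not a valid option; it should read `auto-trust-anchor-file: "/var/unbound/db/root.key"`. The same snippet points `root-hints:` at /var/unbound/etc/root.hints while the monthly.local job moves the refreshed file to /var/unbound/db/root.hints, so the monthly update never reaches the file unbound loads; use one path in both places. The monthly.local and suricata daily.local blocks are repeated verbatim under "OpenBSD: periodic tasks" and could live in one place. The auto_upgrade.conf answer `Continue without verification = yes` and `pkg_add -D unsigned` each deserve a line saying when skipping signature checks is acceptable. Heading typos: "rmeove", "conifg".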
@@ -133,6 +843,32 @@ SECURITY
TYPE : text_portal
BODY
stuff
+SCRIPTS
+ HOST : security
+ BREF : stuff
+ TYPE : text_portal
+ BODY
+ ## Notification on SSH login
+
+ (using Gotify)
+
+ /usr/local/bin/ssh-wrapper:
+
+ {^text ssh-gotify}
+
+ /etc/ssh/sshrc:
+
+ ```
+ /usr/local/bin/ssh-wrapper &
+ ```
+
+ Dont't forget to `chmod 511 /usr/local/bin/ssh-wrapper`!
+
+ ### Version with whitelist
+
+ (depends on `grepcidr`)
+
+ {^text ssh-gotify-wl}
SERVERS
HOST : practice
BREF : stuff about servers
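Review bot: `chmod 511` on /usr/local/bin/ssh-wrapper leaves group and other with execute but no read, and a `#!/bin/sh` script has to be readable by whoever runs it. /etc/ssh/sshrc runs as the user who logs in, so with this mode the wrapper only works for the file's owner and fails with "permission denied" for everyone else. Either use a mode that includes read for the users who should trigger it (and accept that they can then read the token), or state that the notification is only meant for the owner's logins. Also "Dont't" should be "Don't".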
@@ -671,7 +1407,7 @@ FS
BODY
Stuff
SATANSIM
- HOST : knowledge
+ HOST : theory
BREF : hail satan
TYPE : text_portal
BODY
@@ -698,3 +1434,8 @@ DPKG
``
sudo dpkg-divert --divert /usr/share/jellyfin/web/assets/img/banner-light.png.orig --rename --local /usr/share/jellyfin/web/assets/img/banner-light.png
``
+DIRECTORY
+ HOST : home
+ BREF : directories and lists
+ BODY
+ {^list blog links}
(DIR) diff --git a/src/inc/text/kubernetes/flux-system-delete.txt b/src/inc/text/kubernetes/flux-system-delete.txt
@@ -0,0 +1,23 @@
+Dump the descriptor as JSON to a file
+
+ kubectl get namespace flux-system -o json > flux-system.json
+
+Edit flux-system.json and remove kubernetes from the finalizers array
+
+From this:
+
+ "spec": {
+ "finalizers": [
+ "kubernetes"
+ ]
+ },
+
+To this:
+
+ "spec": {
+ "finalizers": []
+ },
+
+Executing our cleanup command:
+
+ kubectl replace --raw "/api/v1/namespaces/flux-system/finalize" -f ./flux-system.json
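Review bot: The procedure clears `spec.finalizers` and calls the `/finalize` endpoint without saying when that is appropriate. Forcing the namespace out this way skips the cleanup the finalizer was waiting for, so add a first step that lists what is still left in flux-system, for example `kubectl api-resources --verbs=list --namespaced -o name | xargs -n 1 kubectl get -n flux-system --ignore-not-found`, and a sentence that this is a last resort for a namespace stuck in Terminating.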
(DIR) diff --git a/src/inc/text/kubernetes/storage-expansion.txt b/src/inc/text/kubernetes/storage-expansion.txt
@@ -0,0 +1 @@
+ kubectl -n kube-system patch storageclass local-path -p ‘{“allowVolumeExpansion”: true}’
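Review bot: The JSON argument is wrapped in typographic quotes (‘ “ ” ’), which the shell passes through literally, so kubectl receives an invalid patch when this line is pasted. Replace them with ASCII quotes: `-p '{"allowVolumeExpansion": true}'`.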
(DIR) diff --git a/src/inc/text/needrestart.txt b/src/inc/text/needrestart.txt
@@ -0,0 +1,6 @@
+/etc/needrestart/conf.d/proxmox.conf
+
+ $nrconf{override_rc} = {
+ qr(^pve) => 0,
+ qr(^lxc-monitord) => 0,
+ };
(DIR) diff --git a/src/inc/text/ssh-gotify-wl.txt b/src/inc/text/ssh-gotify-wl.txt
@@ -0,0 +1,15 @@
+ #!/bin/sh
+
+ baseurl="https://<gotify endpoint>"
+ token="XXX"
+
+ NETWORKS="$(cat /etc/ssh/whitelist)"
+ ip=`echo $SSH_CONNECTION | cut -d " " -f 1`
+ hostname=`hostname`
+ echo $ip | grepcidr "$NETWORKS" >/dev/null && exit 0
+
+ title="SSH login on $hostname"
+ message="$USER has logged in via SSH from $ip on $hostname"
+ logger -t ssh-wrapper $USER login from $ip
+ curl -s "${baseurl}/message?token=${token}" \
+ -F "title=${title}" -F "message=${message}" > /dev/null
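Review bot: `NETWORKS="$(cat /etc/ssh/whitelist)"` has no handling for a missing or unreadable whitelist; the script runs as the logging-in user, so the file has to be readable by every account, and when `cat` fails the match runs against an empty pattern. Passing the file directly with `grepcidr -f /etc/ssh/whitelist` and treating a read failure as "not whitelisted" makes the outcome explicit. The `exit 0` also sits above the `logger` line, so whitelisted logins leave no ssh-wrapper entry in syslog; move `logger` up if those should still be recorded.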
(DIR) diff --git a/src/inc/text/ssh-gotify.txt b/src/inc/text/ssh-gotify.txt
@@ -0,0 +1,13 @@
+ #!/bin/sh
+
+ baseurl="https://<gotify endpoint>"
+ token="XXX"
+
+ ip=`echo $SSH_CONNECTION | cut -d " " -f 1`
+ hostname=`hostname`
+
+ title="SSH login on $hostname"
+ message="$USER has logged in via SSH from $ip on $hostname"
+ logger -t ssh-wrapper $USER login from $ip
+ curl -s "${baseurl}/message?token=${token}" \
+ -F "title=${title}" -F "message=${message}" > /dev/null
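Review bot: The token is sent as `?token=${token}` in the URL on the curl command line, so it is visible in the process list to any local user while the request runs and ends up in any access log that records the request URL. Gotify also accepts the token in an `X-Gotify-Key` header; supplying that header from a curl config file (`curl -K <file>`) keeps it out of both the argument list and URL logs. `$SSH_CONNECTION`, `$USER` and `$ip` are unquoted in the `echo` and `logger` lines and should be quoted, and a `--max-time` on curl would stop a hung request from lingering after each login.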