2020-11-04 22:35:10 +01:00
|
|
|
# Sysop
|
|
|
|
|
|
|
|
## Prometheus
|
|
|
|
|
|
|
|
### Reload config
|
|
|
|
|
|
|
|
:::shell
|
|
|
|
curl -X POST -u simon:$(pass sbruder.de/prometheus|head -n1) https://prometheus.sbruder.de/-/reload
|
|
|
|
|
|
|
|
### Remove certain time range from Prometheus
|
|
|
|
|
|
|
|
Requires [TSDB Admin APIs to be
|
|
|
|
enabled](https://prometheus.io/docs/prometheus/latest/querying/api/#tsdb-admin-apis)
|
|
|
|
(`--web.enable-admin-api`)
|
|
|
|
|
|
|
|
:::shell
|
|
|
|
curl -u user:pass -X POST -g 'https://prometheus-endpoint/api/v1/admin/tsdb/delete_series?match[]=metric{label="foo"}&start=TIMESTAMP&end=TIMESTAMP
|
|
|
|
|
2021-04-02 17:43:22 +02:00
|
|
|
### Add synthetic alert to alertmanager
|
|
|
|
|
|
|
|
:::javascript
|
|
|
|
await fetch("/alertmanager/api/v1/alerts", {method: "POST", body: JSON.stringify([{ "labels": {"alertname": "testalert"}, "annotations": { "description": "manual test alert"}}])})
|
|
|
|
|
2020-11-04 22:35:10 +01:00
|
|
|
## OpenSSL
|
|
|
|
|
|
|
|
### Get certificate expiry date
|
|
|
|
|
|
|
|
:::shell
|
|
|
|
openssl s_client -connect hostname:443 2>& /dev/null <<< '' | openssl x509 -noout -dates
|
|
|
|
|
|
|
|
# starttls
|
|
|
|
openssl s_client -connect hostname:587 -starttls smtp 2>& /dev/null <<< '' | openssl x509 -noout -dates
|
|
|
|
|
|
|
|
## Docker
|
|
|
|
|
|
|
|
### List images by size
|
|
|
|
|
|
|
|
:::shell
|
|
|
|
docker image ls --format "table {{.Size}}\t{{.Repository}}:{{.Tag}}\t{{.ID}}"|sort -h
|
|
|
|
|
|
|
|
### Enable IPv6 NAT
|
|
|
|
|
|
|
|
Makes no sense on first and second thought, but after a while it seems like the
|
|
|
|
right thing.
|
|
|
|
|
|
|
|
`/etc/docker/daemon.json`:
|
|
|
|
|
|
|
|
:::json
|
|
|
|
{
|
|
|
|
"ipv6": true,
|
|
|
|
"fixed-cidr-v6": "fd00:d0ce:d0ce:d0ce::/64"
|
|
|
|
}
|
|
|
|
|
|
|
|
<!--
|
|
|
|
This is the right way, but since I did not get `netfilter-persistent` to work,
|
|
|
|
I have to use iptables.
|
|
|
|
|
|
|
|
:::shell
|
|
|
|
nft add table ip6 nat
|
|
|
|
nft add chain ip6 nat postrouting \{ type nat hook postrouting priority 100 \; \}
|
|
|
|
nft add rule ip6 nat postrouting ip6 saddr fd00:d0ce:d0ce:d0ce::/64 masquerade
|
|
|
|
-->
|
|
|
|
|
|
|
|
:::shell
|
|
|
|
ip6tables -t nat -A POSTROUTING -s fd00:d0ce:d0ce:d0ce::/64 -j MASQUERADE
|
|
|
|
ip6tables-save > /etc/iptables/rules.v6
|
|
|
|
|
|
|
|
Publishing a port will still use the userland proxy. If you do not want this,
|
|
|
|
have a look at <https://github.com/robbertkl/docker-ipv6nat>.
|
|
|
|
|
|
|
|
:::shell
|
|
|
|
docker run -d --restart=always -v /var/run/docker.sock:/var/run/docker.sock:ro --cap-drop=ALL --cap-add=NET_RAW --cap-add=NET_ADMIN --cap-add=SYS_MODULE --net=host robbertkl/ipv6nat
|
|
|
|
|
|
|
|
## Misc
|
|
|
|
|
|
|
|
### Add swap file
|
|
|
|
|
|
|
|
:::shell
|
|
|
|
fallocate -l 1G /swapfile
|
|
|
|
chmod 600 /swapfile
|
|
|
|
mkswap /swapfile
|
|
|
|
swapon /swapfile
|