wiki/docs/sysop.md
Simon Bruder 7cc20db4db
Initial commit
2020-11-05 12:04:06 +01:00


Sysop

Prometheus

Reload config

:::shell
# Quote the credentials so a password containing spaces or glob characters is passed intact
curl -X POST -u "simon:$(pass sbruder.de/prometheus | head -n1)" https://prometheus.sbruder.de/-/reload

Remove certain time range from Prometheus

Requires TSDB Admin APIs to be enabled (--web.enable-admin-api)

:::shell
curl -u user:pass -X POST -g 'https://prometheus-endpoint/api/v1/admin/tsdb/delete_series?match[]=metric{label="foo"}&start=TIMESTAMP&end=TIMESTAMP'

OpenSSL

Get certificate expiry date

:::shell
# Discard s_client's stderr; the empty stdin makes it exit right after the handshake
openssl s_client -connect hostname:443 2>/dev/null <<< '' | openssl x509 -noout -dates

# STARTTLS
openssl s_client -connect hostname:587 -starttls smtp 2>/dev/null <<< '' | openssl x509 -noout -dates
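
The same check extended to several endpoints with an expiry threshold, as an added example that is not part of the original page. The function names, the 21-day default and the sample dates are assumptions; it relies on GNU date to parse the notAfter value.

```shell
# Added example (not from the original page). Function names, the 21-day
# threshold and SAMPLE_DATES are assumptions; needs GNU date and openssl.

# Constructed sample of `openssl x509 -noout -dates` output.
SAMPLE_DATES='notBefore=Jan  1 00:00:00 2029 GMT
notAfter=Jan  1 00:00:00 2030 GMT'

# Print whole days (rounded down) until notAfter; $2 = "now" in epoch seconds.
days_left() {
    local not_after expiry now secs
    now="${2:-$(date +%s)}"
    not_after=$(printf '%s\n' "$1" | sed -n 's/^notAfter=//p')
    [ -n "$not_after" ] || return 2    # handshake failed or no certificate
    expiry=$(date -u -d "$not_after" +%s) || return 2
    secs=$((expiry - now))
    # Shell division truncates toward zero; floor it so "expired 5 minutes
    # ago" becomes -1 rather than 0.
    echo $(( secs >= 0 ? secs / 86400 : -((86399 - secs) / 86400) ))
}

classify() {    # $1 = days left, $2 = warning threshold in days
    if   [ "$1" -lt 0 ];          then echo EXPIRED
    elif [ "$1" -lt "${2:-21}" ]; then echo WARN
    else                               echo OK
    fi
}

# $1 = host:port, $2 = optional STARTTLS protocol (e.g. smtp)
fetch_dates() {
    openssl s_client -connect "$1" -servername "${1%%:*}" \
        ${2:+-starttls "$2"} 2>/dev/null </dev/null |
        openssl x509 -noout -dates 2>/dev/null
}

# Arguments: host:port or host:port,protocol
check_hosts() {
    local entry target proto days
    for entry in "$@"; do
        target="${entry%%,*}"; proto=""
        case "$entry" in *,*) proto="${entry#*,}" ;; esac
        if days=$(days_left "$(fetch_dates "$target" "$proto")"); then
            printf '%-8s %5d days  %s\n' "$(classify "$days")" "$days" "$target"
        else
            printf '%-8s %10s  %s\n' UNKNOWN - "$target"
        fi
    done
}
# Usage: check_hosts hostname:443 hostname:587,smtp
```

An endpoint that returns no certificate is reported as UNKNOWN instead of being silently skipped, so a failed handshake is not mistaken for a healthy certificate.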

Docker

List images by size

:::shell
docker image ls --format "table {{.Size}}\t{{.Repository}}:{{.Tag}}\t{{.ID}}"|sort -h

Enable IPv6 NAT

Makes no sense on first and second thought, but after a while it seems like the right thing.

/etc/docker/daemon.json:

:::json
{
  "ipv6": true,
  "fixed-cidr-v6": "fd00:d0ce:d0ce:d0ce::/64"
}

:::shell
ip6tables -t nat -A POSTROUTING -s fd00:d0ce:d0ce:d0ce::/64 -j MASQUERADE
ip6tables-save > /etc/iptables/rules.v6

Publishing a port will still use the userland proxy. If you do not want this, have a look at https://github.com/robbertkl/docker-ipv6nat.

:::shell
docker run -d --restart=always -v /var/run/docker.sock:/var/run/docker.sock:ro --cap-drop=ALL --cap-add=NET_RAW --cap-add=NET_ADMIN --cap-add=SYS_MODULE --net=host robbertkl/ipv6nat

Misc

Add swap file

:::shell
fallocate -l 1G /swapfile
chmod 600 /swapfile
mkswap /swapfile
swapon /swapfile