NiceRath

Notes for in-place migration of MySQL 5.7 to MariaDB 10.6

Removal of MySQL

apt remove mysql-apt-config
apt purge mysql-apt-config
apt remove mysql-server mysql-community-server mysql-community-client mysql-common mysql-client

NiceRath

Script to sync redundant boot paritions

Grub does not seem to support EFI boot on software raid (MD) yet. See: wiki.debian.org

Make sure the target disks (sda and sdb in this example) are empty and can be overwritten.

Install

Boot system from recovery image to install grub on two separate disks:

NiceRath

#!/usr/sbin/nft -f

# see also:
#  https://wiki.nftables.org/wiki-nftables/index.php/Netfilter_hooks
#  https://docs.kernel.org/networking/tproxy.html
#  https://powerdns.org/tproxydoc/tproxy.md.html
#  http://git.netfilter.org/nftables/commit/?id=2be1d52644cf77bb2634fb504a265da480c5e901
#  http://wiki.squid-cache.org/Features/Tproxy4
#  https://serverfault.com/questions/1052717/how-to-translate-ip-route-add-local-0-0-0-0-0-dev-lo-table-100-to-systemd-netw
#  https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/tree/net/netfilter/nft_tproxy.c

NiceRath

#!/bin/bash

# target: squid-openssl 4.13 with listener "http_port 127.0.0.1:3129 tproxy"

# see also:
#   https://docs.kernel.org/networking/tproxy.html
#   https://blog.cloudflare.com/mmproxy-creative-way-of-preserving-client-ips-in-spectrum/
#   https://latest.gost.run/en/tutorials/redirect/#forwarding-chain_1

# you might need to enable some iptables/nftables kernel modules:

NiceRath

#!/usr/bin/env bash

set -eo pipefail

if [ -z "$1" ]
then
  echo "You need to supply the path to a certificate-directory to scan"
  exit 1
fi

NiceRath

#!/bin/bash

set -eo pipefail

# NOTES:
#   to use on backup files created by Google Takeout: https://support.google.com/accounts/answer/3024190?hl=en
#   creates lists of top N mail senders & distribution-lists @ /tmp
#   can be used to create Google Vault retentions to clean-up old mails or spam: https://support.google.com/vault/answer/2990828?hl=en

if [-z "$1" ]

NiceRath

#!/bin/bash

set -euo pipefail

# NOTES:
#  as Apple is not able to provide any good option to force updates on managed clients - you might want to notify users to install them
#  will be silent if no updates are available

# see also: https://ss64.com/osx/softwareupdate.html

NiceRath

#!/bin/bash

set -eE -o pipefail

# script to encrypt an existing LVM volume
# to move the encryption keys to a remote host - use: https://gist.github.com/NiceRath/65511409c8dbbbbb98ae6f1a668b7d5d

ENC_PATH='<PATH-TO-KEY-DIR>'
KEY_SIZE='8192'
PASS_FILE="${ENC_PATH}/<GPG-PASSPHRASE-FILE>"

NiceRath

#!/bin/bash

set -eE -o pipefail

# to create such a volume - use: https://gist.github.com/NiceRath/c794caa26a28fc90fc628a047648722b
# move the created key from <PATH-TO-KEY-DIR> to the remote host and securly delete them (p.e. using 'shred')
# run example: "bash /usr/local/sbin/cryptmount/cryptmount.sh vg0-lv1 crypt-lv1 /data"

ENC_LV_NAME="$1"
DECRYPT_LV_NAME="$2"

NiceRath

#!/bin/bash

set -eE -o pipefail

# to create such a volume - use: https://gist.github.com/NiceRath/c794caa26a28fc90fc628a047648722b

if [ $# -lt 3 ]
then
  cat << EOF
You must provide: