Christian Samsel csamsel

## esxi-snmp.sh
# set community name, change for maximum security
[root@oxygen-vmhost:~] esxcli system snmp set --communities public
# activate snmp
[root@oxygen-vmhost:~] esxcli system snmp set --enable true
# firewall policy defaults to deny
[root@oxygen-vmhost:~] esxcli network firewall ruleset set --ruleset-id snmp --allowed-all false
# allow specific ip range
[root@oxygen-vmhost:~] esxcli network firewall ruleset allowedip add --ruleset-id snmp --ip-address 192.168.2.0/24
# activate firewall rule set
[root@oxygen-vmhost:~] esxcli network firewall ruleset set --ruleset-id snmp --enabled true

## gist:a6bd13b0963bcdf2eaf34eea27632a4a
# parted /dev/sda
GNU Parted 3.2
Using /dev/sda
Welcome to GNU Parted! Type 'help' to view a list of commands.
(parted) rm 3
(parted) p
Model: VMware Virtual disk (scsi)
Disk /dev/sda: 32.2GB
Sector size (logical/physical): 512B/512B
Partition Table: gpt

## dnscrypt-proxy.toml
listen_addresses = ['127.0.0.1:5300']
...
dnscrypt_servers = false
doh_servers = true
...
cache = false

...

server_names = ['cloudflare', 'cloudflare-ipv6']

## dnsmasq.conf
server=127.0.0.1#5300
no-resolv
no-poll
dnssec
dnssec-check-unsigned
conf-file=/usr/share/dnsmasq/trust-anchors.conf
domain-needed
expand-hosts
no-negcache
local-ttl=600

## keybase.md

      
              1 file
            
          
              0 forks
            
          
              0 comments
            
          
              0 stars
            
          
                csamsel
                / keybase.md
            
            
              Created
              March 23, 2018 11:14
            
          
    Keybase proof

I hereby claim:

I am csamsel on github.
I am csamsel (https://keybase.io/csamsel) on keybase.
I have a public key ASDHrm4CEkXQuramKWPKoiKtLQ3uQwSVlMwUW54NSAGNCwo

To claim this, I am signing this object:

  
## raid-settings.sh
for i in sdb sdc sdd sde
do
  # activate TLER
  smartctl -q errorsonly -l scterc,70,70 /dev/$i
  # disable NCQ
  echo 1 > /sys/block/$i/device/queue_depth
done

## btrfs-raid10-notes.txt
assumptions:
/dev/sd[bcde]1 in Linux md (/dev/md0) RAID5/RAID6 mounted as /storage.
Less space used then capacity of one drive.

1.
stop all services accessing the array first.
Remounting the array ro might be a good idea (mount /dev/md0 -o remount,ro).

2.
remove one disk from array

## convert-ssl.sh
openssl rsa -outform der -in privkey.pem -out privkey.key
openssl x509 -outform der -in fullchain.pem -out fullchain.crt
openssl x509 -outform der -in cert.pem -out cert.crt

## wildcard.sh
certbot certonly --manual --preferred-challenges dns-01 --server https://acme-v02.api.letsencrypt.org/directory -d *.domain.tld

## gist:d004b0242a98529353642d89b001bd55
find -L /etc/runlevels -type l -delete
	# set community name, change for maximum security
	[root@oxygen-vmhost:~] esxcli system snmp set --communities public
	# activate snmp
	[root@oxygen-vmhost:~] esxcli system snmp set --enable true
	# firewall policy defaults to deny
	[root@oxygen-vmhost:~] esxcli network firewall ruleset set --ruleset-id snmp --allowed-all false
	# allow specific ip range
	[root@oxygen-vmhost:~] esxcli network firewall ruleset allowedip add --ruleset-id snmp --ip-address 192.168.2.0/24
	# activate firewall rule set
	[root@oxygen-vmhost:~] esxcli network firewall ruleset set --ruleset-id snmp --enabled true
	# parted /dev/sda
	GNU Parted 3.2
	Using /dev/sda
	Welcome to GNU Parted! Type 'help' to view a list of commands.
	(parted) rm 3
	(parted) p
	Model: VMware Virtual disk (scsi)
	Disk /dev/sda: 32.2GB
	Sector size (logical/physical): 512B/512B
	Partition Table: gpt
	listen_addresses = ['127.0.0.1:5300']
	...
	dnscrypt_servers = false
	doh_servers = true
	...
	cache = false

	...

	server_names = ['cloudflare', 'cloudflare-ipv6']
	server=127.0.0.1#5300
	no-resolv
	no-poll
	dnssec
	dnssec-check-unsigned
	conf-file=/usr/share/dnsmasq/trust-anchors.conf
	domain-needed
	expand-hosts
	no-negcache
	local-ttl=600
	for i in sdb sdc sdd sde
	do
	# activate TLER
	smartctl -q errorsonly -l scterc,70,70 /dev/$i
	# disable NCQ
	echo 1 > /sys/block/$i/device/queue_depth
	done
	assumptions:
	/dev/sd[bcde]1 in Linux md (/dev/md0) RAID5/RAID6 mounted as /storage.
	Less space used then capacity of one drive.

	1.
	stop all services accessing the array first.
	Remounting the array ro might be a good idea (mount /dev/md0 -o remount,ro).

	2.
	remove one disk from array
	openssl rsa -outform der -in privkey.pem -out privkey.key
	openssl x509 -outform der -in fullchain.pem -out fullchain.crt
	openssl x509 -outform der -in cert.pem -out cert.crt