snippets
genpasswd
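# Generate a 32-character random password from /dev/urandom.
# tr keeps only the allowed alphabet; head stops after 32 bytes.
# The trailing `echo` only adds the newline. Piping through `xargs` instead
# would exec `echo <password>`, briefly exposing the secret in a process
# argument list.
LC_CTYPE=C.UTF-8 tr -dc 'A-Za-z0-9=_-' < /dev/urandom | head -c 32; echo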
ssh
ssh proxy in one port
ssh -L $LOCALPORT:$REMOTEADDR:$REMOTEPORT $JUMPHOST
ssh socks proxy
ssh -D 8080 $JUMPHOST
After that, configure the browser to use a SOCKS proxy at localhost:8080
ssh gen pub key
ssh-keygen -f ~/.ssh/id_rsa -y > ~/.ssh/id_rsa.pub
sed remove all comments from file
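# Drop comment-only lines (# or ;), strip trailing #-comments, drop blank lines.
# "$file" is quoted and preceded by -- so a path with spaces or a leading '-'
# is still treated as one filename.
# Note: s/#.*// also cuts a '#' that is part of a value (URL fragment, password).
sed -e '/^[[:blank:]]*[#;]/d;s/#.*//' -e '/^[[:space:]]*$/d' -- "$file"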
hex to base64
echo '0xE1CB04A0fA36DdD16a06ea828007E35e1a3cBC37' | sed 's?0x??' | tr '[[:upper:]]' '[[:lower:]]' | xxd -ps -r | base64
regex fqdn
^(?!:\/\/)(?=.{1,255}$)((.{1,63}\.){1,127}(?![0-9]*$)[a-z0-9-]+\.?)$
network
get all open ports on server, comma-separated
ss -tulpn | awk '{print $5}' | awk -F: '{print $NF}' | grep -v Local | sort | uniq | paste -d, -s
get host's ip addr
hostname -I # all addresses
curl ifconfig.me # outer ip address
nmap to check open ports
nmap -Pn $ADDR -p $PORTS
vim
set mouse-=a
from root
:! echo 'set mouse-=a' >> $VIMRUNTIME/defaults.vim
add lines to file without editor
tee -a ~/.ssh/config << END
Host localhost
ForwardAgent yes
END
curl
curl write out format
{"http_code": %{http_code}, "time_namelookup": %{time_namelookup}, "time_connect": %{time_connect}, "time_appconnect": %{time_appconnect}, "time_pretransfer": %{time_pretransfer}, "time_redirect": %{time_redirect}, "time_starttransfer": %{time_starttransfer}, "time_total": %{time_total} }\n
or
curl -w @/Users/booger/occamfi/notes/_usefull/curl_write_out_format.txt -s -o/dev/null http://aeza.boogerman.xyz/joshuto.sh
arguments to script from curl
# Whatever the server returns is executed immediately and unreviewed; over
# plain http the response can also be altered in transit. Prefer https, and
# for anything that matters download to a file, read it, then run it.
curl http://example.com/script.sh | bash -s -- arg1 arg2
bash
export .env
linux
# The unquoted $(...) is word-split and glob-expanded by the shell, so a value
# containing spaces or `*` is mangled; use only on a .env you control.
export $(grep -v '^#' .env | xargs -d '\n')
macos
export $(grep -v '^#' .env | xargs -0)
bash locale problem
localedef -i en_US -f UTF-8 en_US.UTF-8
locale -a | grep UTF-8
locale-gen en_US.UTF-8
update-locale LANG=en_US.UTF-8
echo 'export LC_ALL=en_US.UTF-8' >> ~/.bashrc
echo 'export LANG=en_US.UTF-8' >> ~/.bashrc
source ~/.bashrc
Probably need to add to ssh config
Host your_remote_server
SendEnv LANG LC_*
for loop
https://www.cyberciti.biz/faq/bash-for-loop-array/
prep.sh
# Executes the downloaded script without review; a changed or compromised
# prep.sh on the server runs with this shell's privileges.
curl https://aeza.boogerman.xyz/prep.sh | bash
swap file
dd if=/dev/zero of=/swapfile bs=1024M count=4 && \
chmod 600 /swapfile && \
mkswap /swapfile && \
swapon /swapfile && \
swapon -s && \
echo '/swapfile swap swap defaults 0 0' | tee -a /etc/fstab
ranger / joshuto
install joshuto
RELEASE_VER='v0.9.8' INSTALL_PREFIX="/usr/local/bin" bash <(curl -s https://raw.githubusercontent.com/kamiyaa/joshuto/master/utils/install.sh)
or
curl -L https://github.com/kamiyaa/joshuto/releases/download/v0.9.8/joshuto-v0.9.8-x86_64-unknown-linux-musl.tar.gz | tar zx --strip-components=1 -C /usr/local/bin/
or
curl https://aeza.boogerman.xyz/joshuto.sh | bash
config for joshuto
##TODO: make safe for that
du ncdu dust
curl -L https://github.com/bootandy/dust/releases/download/v1.1.1/du-dust_1.1.1-1_amd64.deb -O && dpkg -i du-dust_1.1.1-1_amd64.deb && rm du-dust_1.1.1-1_amd64.deb
tar zstd
tar c /home | nice -n1 zstd --long --adapt -T0 --auto-threads=logical -c > /srv/home.tar.zst
k8s
get all pod with namespaces
k get pod -A -o go-template='{{ range $depl := .items }}{{ .metadata.namespace }}/{{.metadata.name }};{{end}}' | awk -F';' '{for(i=1; i<=NF; i++) print $i}'
get all depl with namespaces
k get deployments.apps -A -o go-template='{{ range $depl := .items }}{{ .metadata.namespace }}/{{.metadata.name }};{{end}}' | awk -F';' '{for(i=1; i<=NF; i++) print $i}'
get all ingresses with namespaces
k get ingresses -A -o go-template='{{ range $depl := .items }}{{ .metadata.namespace }}/{{.metadata.name }};{{end}}' | awk -F';' '{for(i=1; i<=NF; i++) print $i}'
helm: delete resources which generated via helm chart
helm template rel-Name path/to/chart --namespace ns | kubectl delete -f -
helm template from unified
helm template --debug -n default app oci://registry.fulgur.tech/library/chart
kubectl start debian bash
c
kubectl delete pod handbash
apt update
apt install -y curl dnsutils netcat-openbsd traceroute
kubectl add tls cert
kubectl get secrets --field-selector=type=kubernetes.io/tls
kubectl create secret tls fulgur.io --cert=path/to/tls.crt --key=path/to/tls.key
kubectl move from old cluster
kubectl --context old_context -n namespace get secret some_secret -oyaml | grep -vE 'creationTimestamp|namespace|resourceVersion|uid' | kubectl --context new_context apply -f -
check later
https://github.com/stakater/Reloader
yq
yq install
export VERSION=v4.45.4 BINARY=yq_$( uname | tr '[[:upper:]]' '[[:lower:]]' )_amd64
curl -L https://github.com/mikefarah/yq/releases/download/$VERSION/$BINARY.tar.gz | tar xz && mv $BINARY /usr/bin/yq
yq delete comments
cat sample.yaml | yq eval '... comments=""'
jq
cat docker.images.json | jq -r '.[] | [.ID,.Repository] | @tsv'
jq try to parse
cat $file | jq -R '. as $line | try (fromjson) catch $line'
graphql request
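# GraphQL query against the Contentful GraphQL endpoint.
# The bearer token is read from the environment instead of being pasted into
# the command: a token written into notes or shell history should be treated
# as disclosed and rotated. ${VAR:?} aborts if the variable is unset or empty.
curl -g \
  -X POST \
  -H "Content-Type: application/json" \
  -H "Authorization: Bearer ${CONTENTFUL_ACCESS_TOKEN:?set CONTENTFUL_ACCESS_TOKEN}" \
  -d '{"query":"query{showCollection {items { title firstEpisodeDate lastEpisodeDate henshinMp4 { url }}}}"}' \
  https://graphql.contentful.com/content/v1/spaces/mt0pmhki5db7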
make
make help
help: ## Show this help
@printf "\033[33m%s:\033[0m\n" 'Available commands'
@awk 'BEGIN {FS = ":.*?## "} /^[[:alpha:][:punct:]]+:.*?## / {printf " \033[32m%-18s\033[0m %s\n", $$1, $$2}' $(MAKEFILE_LIST)
make list
do not put this in the Makefile - it causes recursion
make -npq : 2> /dev/null | awk -v RS= -F: '$1 ~ /^[^.#%]+$/ { print $1 }' | xargs
rust
rust minimal install
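# Minimal rustup install. --proto '=https' --tlsv1.2 keeps curl from following
# a redirect to plain http or negotiating an older TLS version before the
# script is piped into sh.
curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y --profile minimal --default-toolchain stable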
cargo clean cache
cargo install cargo-cache && cargo cache -a
tracing in rust
rustfmt.toml
tab_spaces = 4
hard_tabs = true
fn_params_layout = "Tall"
match_block_trailing_comma = true
optimizations
[profile.release]
opt-level = 3 # Highest optimization for speed (default in release, but explicit is fine).
lto = "fat" # Enables full link-time optimization for better inlining and dead code elimination across crates.
codegen-units = 1 # Reduces parallelism in codegen to allow more aggressive optimizations (increases compile time).
panic = "abort" # Aborts on panic instead of unwinding, reducing overhead and binary size.
strip = "symbols" # Strips debug symbols and unused code for a leaner binary.
bash
export .env with spaces
export $(grep -v '^#' .env | xargs -d '\n')
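#!/bin/sh
## Usage:
## . ./export-env.sh ; $COMMAND
## . ./export-env.sh ; echo ${MINIENTREGA_FECHALIMITE}
##
## Exports every KEY=VALUE line of ./.env into the current shell.
## Each line is read whole and handed to `export` quoted, so values are never
## word-split, glob-expanded or evaluated as shell code, and no per-OS xargs
## flags are needed. Blank lines and lines starting with '#' are skipped;
## quotes around a value are kept literally.
while IFS= read -r env_line || [ -n "$env_line" ]; do
  case $env_line in
    '' | '#'*) continue ;;
    *=*) export "$env_line" ;;
  esac
done < .env
# The script is sourced, so do not leave the loop variable behind.
unset env_line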
date in the most universal format
date '+%FT%T.%N%:z'
bash history keep more
# ~/.bashrc
export HISTTIMEFORMAT="%h %d %H:%M:%S "
export HISTSIZE=5000
export HISTFILESIZE=5000
shopt -s histappend
export PROMPT_COMMAND='history -a'
golang
golang install
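# Install a pinned Go release under /opt/go/<version> and add it to PATH.
# - mkdir and the download are chained with && (piping mkdir into curl let the
#   download start whether or not the directory was created).
# - \$PATH is escaped so ~/.bashrc gets a literal $PATH, not a snapshot of the
#   current value.
# - curl -f makes an HTTP error fail instead of feeding an error page to tar.
# NOTE: the archive is extracted without verification; go.dev/dl lists a
# SHA256 for each archive - compare it before extracting when it matters.
export VERSION=1.24.1 \
  && mkdir -p "/opt/go/${VERSION}" \
  && curl -fL "https://go.dev/dl/go${VERSION}.linux-amd64.tar.gz" | tar -xz -C "/opt/go/${VERSION}" \
  && echo "export PATH=\$PATH:/opt/go/${VERSION}/go/bin" >> ~/.bashrc \
  && source ~/.bashrc \
  && go version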
nginx
nginx basic auth
location / {
auth_basic "Restricted Content";
auth_basic_user_file /etc/nginx/.htpasswd;
}
ingress controller logs parser in loki
nginx log regex https://regex101.com/r/eDdwzW/1
^(?P<client_ip>\S+) - (?P<remote_user>\S+) \[(?P<time_local>[^\]]+)\] "(?P<request>(?P<request_method>\S+) (?P<request_uri>\S+) (?P<request_httpv>\S+))?" (?P<status>\d+) (?P<body_bytes_sent>\d+) "(?P<http_referer>[^"]+)" "(?P<http_user_agent>[^"]+)" (?P<request_length>\d+) (?P<request_time>\d+\.\d+) \[(?P<proxy_upstream_name>\S+)?\] \[(?P<proxy_alternative_upstream_name>\S+)?\] (?P<upstream_addr>\S+(\-)?) ((?P<upstream_response_length>\d+)|-) ((?P<upstream_response_time>\d+\.\d+)|\-) ((?P<upstream_status>\d+)|-) (?P<req_id>\S+)
nginx conditional logging
map $status $loggable {
~^[23] 0;
default 1;
}
access_log /path/to/access.log main if=$loggable;
nginx logrotate
/var/log/nginx/*.log {
hourly
maxsize 500M
dateext
missingok
rotate 72
compress
#delaycompress
notifempty
create 0640 root root
sharedscripts
compresscmd /usr/bin/zstd
uncompresscmd /usr/bin/unzstd
compressoptions -9 --long -T0
compressext .zst
postrotate
/usr/bin/docker exec nginx-balancer nginx -s reload
endscript
}
openssl htaccess
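# Append an htpasswd entry for user sbt-indexer. With no password argument
# `openssl passwd` prompts on the terminal, so the cleartext password stays
# out of shell history and the process list. The hash is passed through %s
# rather than used as the printf format string.
# NOTE(review): apr1 is a salted MD5 scheme. A cleartext password that was
# ever saved in notes or history should be changed.
printf 'sbt-indexer:%s\n' "$(openssl passwd -apr1)" | tee -a /etc/nginx/.htpasswd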
git
git archive
git archive --format tar.gz -o archive.tar.gz HEAD
git tags
git tag --sort=committerdate -l 'v*'
git ls-remote --tags origin
git checkout tag
git fetch --all --tags
git checkout tags/v1.0 -b v1.0-branch
git keep credentials to https
# credential.helper=store writes the username and password/token unencrypted
# to ~/.git-credentials; anyone who can read that file can reuse them.
# `credential.helper cache` (in memory, with a timeout) or an OS keychain
# helper avoids keeping the secret in a plain file.
git config --global credential.helper store
# The next authenticated operation prompts once and saves the credentials.
git fetch
git latest tag
git tag --sort=committerdate | grep -E '[0-9]' | tail -1
git largest objects in history
git rev-list --objects --all --missing=print |
git cat-file --batch-check='%(objecttype) %(objectname) %(objectsize) %(rest)' |
sed -n 's/^blob //p' |
sort --numeric-sort --key=2 |
cut -c 1-12,41- |
$(command -v gnumfmt || echo numfmt) --field=2 --to=iec-i --suffix=B --padding=7 --round=nearest |
tail -30
.git/info/exclude
The TL;DR answer is that neither .git/info/exclude nor .gitignore has any effect on a tracked file. Using git update-index --skip-worktree (or --assume-unchanged) just makes Git stop comparing the index version to the work-tree version.
nice every process for user
/etc/security/limits.conf
user hard priority 1
ipv6
prefer ipv4 addresses
fixes the problem where curl or another http client resolves a name to an ipv6 address that may not be reachable
/etc/gai.conf
label ::1/128 0
label ::/0 1
label 2002::/16 2
label ::/96 3
label ::ffff:0:0/96 4
precedence ::1/128 50
precedence ::/0 40
precedence 2002::/16 30
precedence ::/96 20
precedence ::ffff:0:0/96 100
docker
restarted runners
docker ps | grep runner | grep Rest | cut -d' ' -f1 | xargs -L1 docker inspect | jq -r '.[]| .Config.Env[]' | grep REPO | tee >(wc -l)
docker compose resources limits
version: "3.8"
services:
redis:
image: redis:alpine
deploy:
resources:
limits:
cpus: '0.01'
memory: 1000M
docker manifest
check that image exists on registry before build (from)
docker manifest inspect registry.domain.com/repo/image:tag
nodejs
start node js container in app dir
docker run -v "$(pwd)":/app -w /app -it --rm --entrypoint /bin/bash node:22.14
npm install -g pnpm@10.3.0 turbo@2.5.0
nodejs memory issue
export NODE_OPTIONS=--max-old-space-size=8192
# retry
python
python parse http response date
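#datetime.datetime.strptime('Wed, 23 Sep 2009 22:15:29 GMT', '%a, %d %b %Y %H:%M:%S GMT')
from datetime import datetime, timezone

resp = requests.get(URL)
date_str = resp.headers["Date"]
# Parse the Date header read above and mark it as UTC: with a naive datetime,
# .timestamp() would interpret the GMT value in the machine's local timezone.
_dt = datetime.strptime(date_str, '%a, %d %b %Y %H:%M:%S GMT').replace(tzinfo=timezone.utc)
# Milliseconds since the Unix epoch.
prom_timestamp = _dt.timestamp() * 1000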
ip addresses pool
>>> import ipaddress
>>> [str(ip) for ip in ipaddress.IPv4Network('192.0.2.0/28')]
['192.0.2.0', '192.0.2.1', '192.0.2.2',
'192.0.2.3', '192.0.2.4', '192.0.2.5',
'192.0.2.6', '192.0.2.7', '192.0.2.8',
'192.0.2.9', '192.0.2.10', '192.0.2.11',
'192.0.2.12', '192.0.2.13', '192.0.2.14',
'192.0.2.15']
grafana
loki
count_over_time({cluster="proheku"}[1m])
github
clean workflow dir
- uses: eviden-actions/clean-self-hosted-runner@v1
if: ${{ always() }}
aws
ecr
export REGION=eu-central-1
export ACCOUNT=`aws sts get-caller-identity | jq -r .Account`
docker build -t ${ACCOUNT}.dkr.ecr.${REGION}.amazonaws.com/${REPO} .
aws ecr get-login-password --region ${REGION} | docker login --username AWS --password-stdin ${ACCOUNT}.dkr.ecr.${REGION}.amazonaws.com
docker push ${ACCOUNT}.dkr.ecr.${REGION}.amazonaws.com/${REPO}
s3 find by name in bucket
aws s3api list-objects --bucket $BUCKET_NAME --query "Contents[?contains(Key, '$FILENAME')]"
Find files modified on a given date
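# LastModified is returned as an ISO-8601 string, so matching on the date
# prefix selects objects modified on that day. The original expression
# (contains(LastModified) < '...') with a stray ')' is not valid JMESPath.
aws s3api list-objects --bucket "$BUCKET_NAME" --query "Contents[?starts_with(LastModified, '2023-06-12')]"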
Find files modified between given times
aws s3api list-objects --bucket $BUCKET_NAME --query "Contents[?LastModified > '2017-08-03T23' && LastModified < '2017-08-03T23:15']"
debian
noninteractive apt
export DEBIAN_FRONTEND=noninteractive && apt update && apt install -y --no-install-recommends pv file curl vim make jq ripgrep
apt mark do not update
apt-mark hold locales && apt update && apt install -y --no-install-recommends build-essential && apt-mark unhold locales
Force Apt-Get to IPv4 or IPv6 on Ubuntu or Debian
apt-get -o Acquire::ForceIPv4=true update
apt-get -o Acquire::ForceIPv6=true update
Persistent option
sudoedit /etc/apt/apt.conf.d/99force-ipv4
# Put the following contents in it:
Acquire::ForceIPv4 "true";
Vim
vim as default editor
sudo update-alternatives --set editor /usr/bin/vim.basic
some useful vim config
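# Write the system-wide vimrc.local, one setting per line.
# printf '%s\n' emits each argument on its own line in every shell; bash's
# builtin echo writes '\n' literally by default, producing a one-line file.
printf '%s\n' \
  'syntax on' \
  'filetype plugin indent on' \
  'set mouse-=a' \
  'autocmd FileType yaml setlocal ts=2 sts=2 sw=2 expandtab' \
  > /etc/vim/vimrc.local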
problems with virtio_net
/etc/initramfs-tools/modules
virtio_pci
virtio_blk
virtio_net
then running sudo update-initramfs -u
then rebooting
ubuntu
delete snap
snap list
### delete all snaps with
sudo snap remove --purge {}
sudo snap remove --purge bare
sudo snap remove --purge core20
sudo snap remove --purge snapd
sudo apt remove --autoremove snapd
sudo tee -a /etc/apt/preferences.d/nosnap.pref <<EOF
Package: snapd
Pin: release a=*
Pin-Priority: -10
EOF
dmesg from journalctl
journalctl -b
mysql
install on debian
export DEBIAN_FRONTEND=noninteractive \
&& apt update && apt install -y wget gnupg lsb-release && wget https://dev.mysql.com/get/mysql-apt-config_0.8.29-1_all.deb && dpkg -i ./mysql-apt-config_0.8.29-1_all.deb && apt update && apt install -y mysql-client
get size of databases
SELECT table_schema "DB Name",
ROUND(SUM(data_length + index_length) / 1024 / 1024, 1) "DB Size in MB"
FROM information_schema.tables
GROUP BY table_schema;
show tables
show tables;
select to kill client connections
SELECT
CONCAT('KILL ', id, ';')
FROM INFORMATION_SCHEMA.PROCESSLIST
WHERE `User` = 'some_user'
AND `Host` = '192.168.1.1'
AND `db` = 'my_db';
redis
install redis-cli on debian
sudo apt-get install redis-tools
hetzner
use nat to access ipv4 egress
xml format
cat $some_xml_file | xmllint --format -
clickhouse
select size of tables/databases
select
parts.*,
columns.compressed_size,
columns.uncompressed_size,
columns.ratio
from (
select database,
table,
formatReadableSize(sum(data_uncompressed_bytes)) AS uncompressed_size,
formatReadableSize(sum(data_compressed_bytes)) AS compressed_size,
sum(data_compressed_bytes) / sum(data_uncompressed_bytes) AS ratio
from system.columns
group by database, table
) columns right join (
select database,
table,
sum(rows) as rows,
max(modification_time) as latest_modification,
formatReadableSize(sum(bytes)) as disk_size,
formatReadableSize(sum(primary_key_bytes_in_memory)) as primary_keys_size,
any(engine) as engine,
sum(bytes) as bytes_size
from system.parts
where active
group by database, table
) parts on ( columns.database = parts.database and columns.table = parts.table )
order by parts.bytes_size desc;
fail2ban
$ sudo cat /etc/fail2ban/jail.local
[sshd]
+ backend=systemd
enabled = true
mdbook
docs about book - https://rust-lang.github.io/mdBook/index.html
mermaid
flowchart LR
classDef done fill:#2f2,stroke:#111,color:#111,stroke-width:4px;
classDef inwork fill:#882,stroke:#111,color:#111,stroke-width:4px;
classDef conf fill:#55f,stroke:#111,color:#111,stroke-width:4px;
undone -->
conf:::conf -->
serv:::inwork -->
done:::done
ansible
adhoc copy file
ansible all --module-name copy --args "src=/tmp/foo.txt dest=/tmp/foo.txt remote_src=true"
macos
sudo powermetrics | grep "CPU Average frequency as fraction of nominal"