Merge branch 'main' of git.lan:repositories/bare/oam.public

knowledge base/apt.md

@@ -71,6 +71,12 @@ apt-check policy 'boinc-client'
 # Reconfigure packages.
 sudo dpkg-reconfigure 'mariadb-server'
 sudo dpkg-reconfigure -p 'low' 'unattended-upgrades'
+
+# Stop installing recommended and suggested packages.
+cat > /etc/apt/apt.conf.d/99norecommend << EOF
+APT::Install-Recommends "0";
+APT::Install-Suggests "0";
+EOF
 ```
 
 ## Automate security upgrades
@@ -97,6 +103,12 @@ See [Apt configuration] for more information.
 APT::Default-Release "stable";
 ```
 
+```txt
+# /etc/apt/apt.conf.d/99norecommend
+APT::Install-Recommends "0";
+APT::Install-Suggests "0";
+```
+
 ```txt
 # /etc/apt/apt.conf.d/99parallel-fetch
 APT::Acquire::Queue-Mode "access";

knowledge base/azure/cli.md

@@ -17,9 +17,10 @@ Queries (`az … --query …`) use the [JMESPath] query language for JSON.
 ```sh
 # Install the CLI.
 pip install 'azure-cli'
+pipx install 'azure-cli'
 brew install 'azure-cli'
 asdf plugin add 'azure-cli' && asdf install 'azure-cli' '2.43.0'
-docker run -it -v "${HOME}/.ssh:/root/.ssh" 'mcr.microsoft.com/azure-cli'
+docker run -v "${HOME}/.azure:/root/.azure" 'mcr.microsoft.com/azure-cli:2.40.0'
 
 # Disable certificates check upon connection.
 # Use it for proxies with doubtful certificates.

knowledge base/grafana.md

@@ -140,6 +140,7 @@ $ curl -sS \
 | Name               | Grafana ID | URLs                                                                                                                                                                                           |
 | ------------------ | ---------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
 | Node exporter full | 1860       | [grafana](https://grafana.com/grafana/dashboards/1860-node-exporter-full/), [github raw](https://raw.githubusercontent.com/rfmoz/grafana-dashboards/master/prometheus/node-exporter-full.json) |
+| OpenWRT            | 11147      | [grafana](https://grafana.com/grafana/dashboards/11147-openwrt/)                                                                                                                               |
 
 ## Further readings
 

knowledge base/lxc.md

@@ -19,17 +19,20 @@ ls '/usr/share/lxc/templates'
 # List the options supported by templates.
 lxc-create -t 'download' -h
 
-# Create new containers.
+# Create containers.
 # Use the 'download' template to choose from a list of distribution.
-lxc-create -n 'nas' --template 'download'
+lxc-create -n 'nas' -t 'download'
+lxc-create --name 'nas' --template 'download' -- \
+  --server 'images.linuxcontainers.org'
 
+# Create containers non-interactively.
 # Values are case sensitive and depend from what is on the server.
-lxc-create -n 'pi-hole' -t 'download' -- \
-  --server 'images.linuxcontainers.org' \
-  --dist 'debian' --release 'bullseye' --arch 'armhf' --variant 'cloud'
-lxc-create -n 'git' -t 'download' -- \
+lxc-create -n 'alpine' -t 'download' -- -d 'Alpine' -r '3.18' -a 'armv7l'
+lxc-create --name 'pi-hole' --template 'download' -- \
   --server 'repo.turris.cz/lxc' \
-  -d 'Debian' -r 'Bullseye' -a 'armv7l'
+  --dist 'Ubuntu' --release 'Focal' --arch 'armv7l'
+lxc-create … -t 'download' -- -d 'debian' -r 'bookworm' -a 'amd64' \
+  --server 'images.linuxcontainers.org'
 
 # Start containers.
 lxc-start -n 'pi-hole'

knowledge base/pipx.md

@@ -39,6 +39,9 @@ pipx upgrade 'pip-autoremove'
 
 # Upgrade all installed applications.
 pipx upgrade-all
+
+# Remove installed applications.
+pipx uninstall 'azure-cli'
 ```
 
 ## Further readings

knowledge base/turris os.md

@@ -15,10 +15,10 @@ Linux distribution based on top of OpenWrt. Check the [website] for more informa
    1. [Start containers](#start-containers)
    1. [Execute a shell into containers](#execute-a-shell-into-containers)
    1. [Start containers at boot](#start-containers-at-boot)
-   1. [Examples](#examples)
-      1. [CFEngine hub](#cfengine-hub)
-      1. [Git server](#git-server)
-      1. [Pi-hole](#pi-hole)
+   1. [Example: cfengine hub](#example-cfengine-hub)
+   1. [Example: git server](#example-git-server)
+   1. [Example: monitoring](#example-monitoring)
+   1. [Example: pi-hole](#example-pi-hole)
 1. [Hardening](#hardening)
 1. [The SFP+ caged module](#the-sfp-caged-module)
    1. [Use the SFP module as a LAN port](#use-the-sfp-module-as-a-lan-port)
@@ -71,9 +71,18 @@ reboot
 # Gracefully shutdown the device.
 poweroff
 
+# List available LXC container images.
+# Default source is 'repo.turris.cz/lxc'.
+lxc-create -n 'test' -t 'download'; lxc-destroy -n 'test'
+lxc-create … -t 'download' -- --server 'images.linuxcontainers.org'
+
 # Create LXC containers.
-lxc-create --name 'ubuntu-focal' --template 'download' -- --dist 'Ubuntu' --release 'Focal' --arch 'armv7l' --server 'repo.turris.cz/lxc'
-lxc-create … -t 'download' -- --dist 'debian' --release 'bullseye' --arch 'armhf' --server 'images.linuxcontainers.org'
+# Default source is 'repo.turris.cz/lxc'.
+# Values are case sensitive and depend from what is on the server.
+lxc-create -n 'alpine' -t 'download' -- -d 'Alpine' -r '3.18' -a 'armv7l'
+lxc-create --name 'ubuntu-focal' --template 'download' -- \
+  --server 'repo.turris.cz/lxc' \
+  --dist 'Ubuntu' --release 'Focal' --arch 'armv7l'
 
 # List snapshots.
 schnapps list
@@ -181,13 +190,18 @@ Unless otherwise specified:
 In shell:
 
 ```sh
+# List available LXC container images.
 # Default source is 'repo.turris.cz/lxc'.
-# Values for the template options are case sensitive.
-lxc-create --name 'test' --template 'download'
-lxc-create -n 'git' -t 'download' -- -d 'Debian' -r 'Bullseye' -a 'armv7l'
-lxc-create -n 'pi-hole' -t 'download' --
-  --server 'images.linuxcontainers.org' \
-  --dist 'debian' --release 'bullseye' --arch 'armhf'
+lxc-create -n 'test' -t 'download'; lxc-destroy -n 'test'
+lxc-create … -t 'download' -- --server 'images.linuxcontainers.org'
+
+# Create LXC containers.
+# Default source is 'repo.turris.cz/lxc'.
+# Values are case sensitive and depend from what is on the server.
+lxc-create -n 'pi-hole' -t 'download' -- -d 'Debian' -r 'Bullseye' -a 'armv7l'
+lxc-create --name 'pi-hole' --template 'download' -- \
+  --server 'repo.turris.cz/lxc' \
+  --dist 'Ubuntu' --release 'Focal' --arch 'armv7l'
 ```
 
 Using the WebUI:
@@ -257,16 +271,15 @@ config container
   option timeout 60
 ```
 
-### Examples
+### Example: cfengine hub
 
-#### CFEngine hub
-
-> CFEngine does not seem to support 32bits ARM processors (but it does support arm64) anymore.
+> CFEngine does not seem to support 32bits ARM processors anymore (but it does support arm64).<br/>
+> Still, since I am using a 32bit processor this is not doable for me.
 
 <details>
   <summary>Old installation test</summary>
 
-  > This procedure assumes an LXC container based upon Debian Bullseye.
+  > This procedure assumes you are using an LXC container based on the Debian Bullseye image.
 
   ```sh
   # Set the correct hostname.
@@ -283,9 +296,9 @@ config container
 
 </details>
 
-#### Git server
+### Example: git server
 
-> This procedure assumes an LXC container based upon Debian Bullseye.
+> This procedure assumes you are using an LXC container based on the Debian Bullseye image.
 
 ```sh
 # Set the correct hostname.
@@ -321,9 +334,45 @@ chsh 'git' -s "$(which 'git-shell')"
 exit
 ```
 
-#### Pi-hole
+### Example: monitoring
 
-> This procedure assumes an LXC container based upon Debian Bullseye.
+> This procedure assumes you are using an LXC container based on the Debian Bullseye image.
+
+```sh
+# Set the correct hostname.
+hostnamectl set-hostname 'monitoring'
+
+# Install the requirements
+DEBIAN_FRONTEND='noninteractive' apt-get install --assume-yes 'unattended-upgrades' 'wget'
+
+# Stop installing recommended and suggested packages.
+cat > /etc/apt/apt.conf.d/99norecommend << EOF
+APT::Install-Recommends "0";
+APT::Install-Suggests "0";
+EOF
+
+# Add Grafana's repository with its key.
+wget -q -O /usr/share/keyrings/grafana.key https://apt.grafana.com/gpg.key
+echo "deb [signed-by=/usr/share/keyrings/grafana.key] https://apt.grafana.com stable main" | tee -a /etc/apt/sources.list.d/grafana.list
+
+# Install Prometheus and Grafana.
+apt update
+DEBIAN_FRONTEND='noninteractive' apt-get install --assume-yes 'grafana-enterprise' 'prometheus'
+
+# Configure Prometheus and Grafana.
+# See the '/docker/monitoring' example.
+
+# Enable the services.
+systemctl enable 'grafana-server.service'
+systemctl enable 'prometheus.service'
+
+# All done!
+exit
+```
+
+### Example: pi-hole
+
+> This procedure assumes you are using an LXC container based on the Debian Bullseye image.
 
 See [Installing pi-hole on Turris Omnia], [Install Pi-hole] and [Pi-Hole on Turris Omnia] for details.
 

knowledge base/wake a host from lan.md

@@ -5,11 +5,17 @@ The host needs to support wake-on-LAN and have it enabled.
 ## Table of contents <!-- omit in toc -->
 
 1. [TL;DR](#tldr)
+1. [Further readings](#further-readings)
 1. [Sources](#sources)
 
 ## TL;DR
 
-See [`wakeonlan`][wakeonlan].
+See [`wakeonlan`][wakeonlan] or [`wol`][wol].
+
+## Further readings
+
+- [`wakeonlan`][wakeonlan]
+- [`wol`][wol]
 
 ## Sources
 
@@ -29,3 +35,4 @@ All the references in the [further readings] section, plus the following:
 
 <!-- Others -->
 [how to wake up computers using linux by sending magic packets]: https://www.cyberciti.biz/tips/linux-send-wake-on-lan-wol-magic-packets.html
+[wol]: https://sourceforge.net/projects/wake-on-lan/

scripts/turris-os.create-container.sh

@@ -0,0 +1,11 @@
+#!/bin/sh
+
+lxc-create -n 'alpine' -t 'download' -- -d 'Alpine' -r '3.18' -a 'armv7l'
+
+uci add dhcp host
+uci set dhcp.@host[-1].name='alpine'
+uci set dhcp.@host[-1].mac="$(grep 'hwaddr' '/srv/lxc/alpine/config' | sed 's/.*= //')"
+uci set dhcp.@host[-1].ip='192.168.111.2'
+uci commit 'dhcp'
+reload_config
+luci-reload

scripts/turris-os.start-container-at-boot.sh

@@ -0,0 +1,7 @@
+#!/bin/sh
+
+cat <<EOF | tee -a '/etc/config/lxc-auto'
+config container
+	option name alpine
+	option timeout 60
+EOF