feat: initial commit

docs/development/linters.md

@@ -0,0 +1,86 @@
+# Linter configs
+
+## ansible-lint
+
+```shell
+---
+
+exclude_paths:
+  - ".gitlab/*"
+  - ".gitlab-ci.yml"
+  - "defaults/main.yaml"
+  - "meta/main.yaml"
+  - "vars/*"
+
+kinds:
+  - playbook: "**/*.{yml,yaml}"
+
+skip_list:
+  - "command-shell"
+  - "experimental"
+  - "git-latest"
+  - "no-changed-when"
+  - "no-handler"
+  - "name[casing]"
+  - "name[template]"
+  - "risky-file-permissions"
+  - "schema[playbook]"
+  - "var-naming[no-role-prefix]"
+```
+
+## markdownlint
+
+```shell
+---
+
+default: true
+
+# MD013/line-length - line length
+MD013:
+  line_length: 120
+  tables: false
+
+# MD025/single-title/single-h1 - multiple top-level headings
+# (allow multiple top-level headings)
+MD025: false
+
+# MD033/no-inline-html - inline html
+MD033:
+  allowed_elements: ["br"]
+```
+
+## yamllint
+
+```shell
+---
+
+extends: "default"
+
+rules:
+  braces:
+    max-spaces-inside: 1
+    forbid: true
+  comments:
+    min-spaces-from-content: 1
+  comments-indentation: false
+  empty-lines:
+    max: 2
+  indentation:
+    spaces: 2
+    check-multi-line-strings: true
+  line-length:
+    max: 120
+    allow-non-breakable-words: true
+    allow-non-breakable-inline-mappings: true
+  new-line-at-end-of-file: "enable"
+  octal-values:
+    forbid-implicit-octal: true
+    forbid-explicit-octal: true
+  truthy:
+    allowed-values:
+      - "false"
+      - "true"
+  quoted-strings:
+    quote-type: "any"
+    required: true
+```

docs/gitlab/ci.md

@@ -0,0 +1,82 @@
+# Gitlab CI
+
+## Import jobs
+
+```yaml
+---
+
+# gitLab ci stages
+stages:
+
+  # deployment
+  - "gitleaks"
+  - "linting"
+  - "deployment"
+
+# include jobs
+include:
+
+  # deployment
+  - local: ".gitlab/gitleaks.yaml"
+  - local: ".gitlab/linting.yaml"
+  - local: ".gitlab/deployment.yaml"
+```
+
+## Run a docker container
+
+```yaml
+---
+
+# linting
+linting:
+  stage: "linting"
+  image:
+    name: "cr.simoncor.net/siempie/ansible-deployment:latest"
+    entrypoint: ["/bin/sh", "-c"]
+  rules:
+
+    # run only on push to default branch
+    - if: '$CI_PIPELINE_SOURCE == "push" && $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH'
+    - when: "never"
+
+  # start linting
+  script:
+    - "ansible-lint -c .ansible-lint ."
+```
+
+## Run a SSH command
+
+```yaml
+---
+
+# deploy ansible code
+deployment:
+  stage: "deployment"
+  image: "cr.simoncor.net/siempie/ssh-client:latest"
+  rules:
+
+    # run only on push to default branch
+    - if: '$CI_PIPELINE_SOURCE == "push" && $CI_COMMIT_BRANCH ==
+           $CI_DEFAULT_BRANCH'
+    - when: "never"
+
+  # prepare ssh
+  before_script:
+
+    - |
+        # prepare ssh
+        mkdir -p ~/.ssh
+        chmod 700 ~/.ssh
+        echo "$SSH_CONFIG" > ~/.ssh/config
+        echo "$SSH_DEPLOYMENT_KEY" > ~/.ssh/id_ed25519
+        chmod 600 ~/.ssh/id_ed25519
+
+  # deployment commands
+  script:
+
+    - |
+        # git cleanup
+        ssh $SSH_DEPLOYMENT_USER@$ANSIBLE_SERVER "sudo /usr/bin/git -C /etc/ansible reset --hard HEAD --quiet"
+        ssh $SSH_DEPLOYMENT_USER@$ANSIBLE_SERVER "sudo /usr/bin/git -C /etc/ansible clean -fx --exclude=secret.key"
+        ssh $SSH_DEPLOYMENT_USER@$ANSIBLE_SERVER "sudo /usr/bin/git -C /etc/ansible clean -fd"
+```

docs/index.md

@@ -0,0 +1,3 @@
+# Home
+
+Notes for stuff that is easily forgotten.

docs/linux/disk-management.md

@@ -0,0 +1,35 @@
+# Disk management
+
+### Show filesystems 
+
+```shell
+sudo df -h
+```
+
+Example output:
+
+```shell
+Filesystem      Size  Used Avail Use% Mounted on
+udev            456M     0  456M   0% /dev
+tmpfs            97M  9.4M   87M  10% /run
+/dev/vda1        19G  2.6G   16G  15% /
+tmpfs           481M     0  481M   0% /dev/shm
+tmpfs           5.0M     0  5.0M   0% /run/lock
+tmpfs            97M     0   97M   0% /run/user/1003
+```
+
+### List folders
+
+```shell
+du -h -d 1 | sort -h
+```
+
+Example output:
+
+```shell
+8.0K    ./.ansible
+8.0K    ./.config
+8.0K    ./.vim
+12K     ./.ssh
+172K    .
+```

docs/linux/journalctl.md

@@ -0,0 +1,13 @@
+# Journalctl
+
+Follow logs live
+
+```shell
+sudo journalctl -u sshd --follow
+```
+
+Cleanup logs
+
+```shell
+sudo journalctl --vacuum-size=1K
+```

docs/linux/packages.md

@@ -0,0 +1,23 @@
+# Packages and updates
+
+## Debian / Ubuntu
+
+Update and upgrade.
+
+```shell
+apt update
+apt upgrade -y
+```
+
+Default packages.
+
+```shell
+apt install -y sudo net-tools wget curl unzip htop vim
+```
+
+Autoremove and cleanup.
+
+```shell
+apt autoremove -y
+apt clean
+```

docs/proxmox/lxc.md

@@ -0,0 +1,33 @@
+# LXC
+
+## Show running LXC
+
+```shell
+sudo pct list
+```
+
+## GPU access
+
+Add the following to the config:
+
+```yaml
+lxc.cgroup2.devices.allow: c 226:0 rwm
+lxc.cgroup2.devices.allow: c 226:128 rwm
+lxc.cgroup2.devices.allow: c 29:0 rwm
+lxc.mount.entry: /dev/dri dev/dri none bind,optional,create=dir
+lxc.mount.entry: /dev/fb0 dev/fb0 none bind,optional,create=file
+```
+
+
+## Add mount point
+
+Add the following to the config:
+
+```shell
+mp10: /tank/media/downloads,mp=/mnt/media/downloads
+```
+
+```shell
+/tank/media/downloads = on the host
+/mnt/media/downloads  = in the container
+```

docs/proxmox/tips-and-tricks.md

@@ -0,0 +1,17 @@
+# Tips and Trics
+
+## Maintenance mode
+
+```shell
+sudo ha-manager crm-command node-maintenance enable pve0
+```
+
+```shell
+sudo ha-manager crm-command node-maintenance disable pve0
+```
+
+## Show running VMs
+
+```shell
+sudo qm list
+```

docs/tailscale/client.md

@@ -0,0 +1,30 @@
+# Client
+
+## Linux Install 
+
+```shell
+curl -fsSL https://tailscale.com/install.sh | sudo sh
+```
+
+## Connect with Headscale
+
+Manual authentication:
+
+```shell
+sudo tailscale up \
+    --login-server=https://vpn.mirahsimon.us \
+    --accept-routes \
+    --operator=simon \
+    --accept-dns
+```
+
+Key-based authentication:
+
+```shell
+sudo tailscale up \
+    --login-server=https://vpn.mirahsimon.us \
+    --accept-routes \
+    --operator=simon \
+    --accept-dns \
+    --auth-key=XXXXXXXXXXXXXXXXXXXXXX
+```