author    Miguel <m.i@gmx.at>  2019-03-17 18:14:32 +0100
committer Miguel <m.i@gmx.at>  2019-03-17 18:14:32 +0100
commit    0e4810dcfb132bf276a282e25b8523a4009ae08b (patch)
tree      dac6dce820f0a35d9ed7ea7676982a0f86fd0edb /00_blog/00015_Admin
parent    ad6411e9ec256b03f20b9195e25cb128fe02c628 (diff)
rename blog dir
Diffstat (limited to '00_blog/00015_Admin')
-rw-r--r--  00_blog/00015_Admin/00005_Notes-on-Hosting/index.md                                                       53
-rw-r--r--  00_blog/00015_Admin/00008_Docker/index.md                                                                 14
-rw-r--r--  00_blog/00015_Admin/00010_Various-Cheat-Sheets/00105_GNU-Screen-Multiplexer-Keyboard-Shortcuts/index.md   43
-rw-r--r--  00_blog/00015_Admin/00010_Various-Cheat-Sheets/00110_Midnight-Commander-Cheatsheet/index.md               61
-rw-r--r--  00_blog/00015_Admin/00010_Various-Cheat-Sheets/00120_GDB/index.md                                         29
-rw-r--r--  00_blog/00015_Admin/00010_Various-Cheat-Sheets/index.md                                                    3
-rw-r--r--  00_blog/00015_Admin/00020_Benchmarking-and-Stress-testing/index.md                                        68
-rw-r--r--  00_blog/00015_Admin/00030_Fixing-HDD/index.md                                                             48
-rw-r--r--  00_blog/00015_Admin/00040_Oneliners/index.md                                                              41
-rw-r--r--  00_blog/00015_Admin/00050_Wine-in-LXC/index.md                                                           197
-rw-r--r--  00_blog/00015_Admin/00070_Password-Management-on-the-Command-Line/index.md                                89
-rw-r--r--  00_blog/00015_Admin/00090_Miguels-KVM-Adventures/index.md                                                220
-rw-r--r--  00_blog/00015_Admin/00090_Miguels-KVM-Adventures/ipv4.png                                  bin 0 -> 123475 bytes
-rw-r--r--  00_blog/00015_Admin/index.md                                                                               2
14 files changed, 868 insertions, 0 deletions
diff --git a/00_blog/00015_Admin/00005_Notes-on-Hosting/index.md b/00_blog/00015_Admin/00005_Notes-on-Hosting/index.md
new file mode 100644
index 0000000..1345bf4
--- /dev/null
+++ b/00_blog/00015_Admin/00005_Notes-on-Hosting/index.md
@@ -0,0 +1,53 @@
+# Miscellanous Notes on Server Hosting specifics
+
+## LUKS container over sshfs
+
+* enable user\_allow\_other in /etc/fuse.conf
+* sshfs -o allow\_root user@server:/BACKUPS/ ~/mnt/
+* dd if=/dev/urandom of=~/mnt/megaloman bs=1M count=512
+* sudo cryptsetup -y luksFormat ~/mnt/megaloman
+* sudo cryptsetup luksOpen ~/mnt/megaloman vol1
+* sudo mkfs.ext4 /dev/mapper/vol1
+* sudo mount /dev/mapper/vol1 /mnt
+* df -h | grep vol1
+* sudo umount /mnt
+* sudo cryptsetup luksClose vol1
+* fusermount -u ~/mnt
+
+NOTE: backup your data example use : rsync -a –info=progress2 source dist
+
+## Ownlcoud
+
+### Mounting Ownclouds DavFS
+
+ $ apt-get install davfs2
+
+ * since owncloud seems to have problems with locks, edit /etc/davfs2/davfs2.conf and set use_locks to 0 in order to allow creating files (as well as probably writing)
+
+ $ mount -t davfs https://secure.sf.com/owncloud/remote.php/webdav /mnt/
+
+### rescan/rebuild ownlocud files database
+
+ inside ownlcoud directory run:
+ sudo -u www-owncloud php console.php files:scan –all
+
+## Postfix
+
+We want to handle different domains on a single postfix server and have virtual users along real unix users.
+For the virtual users we use uid/gid 5000.
+
+Relevant config files are:
+
+ /etc/postfix/master.cf
+ /etc/postfix/main.cf
+ /etc/postfix/smtpd_sender_login_maps (tells which emails belong to which login)
+ /etc/postfix/vmailbox (sepcifies our VIRTUAL mailboxes and the names of the spoolfiles)
+ /etc/postfix/virtual (aliases for our local unix users)
+ /etc/dovecot/users (specifies the logins, passwords, home directories,..)
+ /etc/dovecot/conf.d/10-mail (set inbox and mailbox dirs)
+
+Be careful about the permissions of the different folders, so uid/gid 5000, postfix and dovecot can access as relevant.
+
+A very nice tutorial on setting up postfixadmin can be found here:
+
+ https://lelutin.ca/posts/installing_postfix_-_clamav_-_spamassassin_-_dovecot_-_postfixadmin_on_debian_squeeze/
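Review bot: `rsync -a –info=progress2` and `files:scan –all` use a typographic en dash instead of `--`, so both fail when pasted; they should read `rsync -a --info=progress2` and `files:scan --all`. In the LUKS-over-sshfs recipe it is worth saying why `user_allow_other` and `-o allow_root` are required: `sudo cryptsetup luksFormat ~/mnt/megaloman` runs as root against a FUSE mount owned by the user, and without them root gets "permission denied". The `dd if=/dev/urandom ... count=512` step only pre-fills the container with noise; the container is fixed at 512 MiB afterwards, which the text should state. Setting `use_locks 0` in davfs2.conf works around the ownCloud lock problem but also removes protection against two clients writing the same file at once; name that trade-off. Typos: "Miscellanous" → "Miscellaneous", "Ownlcoud"/"ownlocud" → "ownCloud", "sepcifies" → "specifies". The Postfix "be careful about the permissions" sentence would be more useful with the concrete owner and mode expected for the vmailbox spool directory.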
diff --git a/00_blog/00015_Admin/00008_Docker/index.md b/00_blog/00015_Admin/00008_Docker/index.md
new file mode 100644
index 0000000..b7bc5c0
--- /dev/null
+++ b/00_blog/00015_Admin/00008_Docker/index.md
@@ -0,0 +1,14 @@
+# Docker Volume Backup
+
+Identify volume:
+
+ $ docker inspect my_container_name | grep -C 1 -i Source
+
+Backup the directory to a tar file:
+
+ $ docker run –rm –volumes-from my_container_name -v $(pwd):/backup ubuntu tar cvf /backup/backup_db.tar /var/lib/mysql
+
+Restore the volume:
+
+ $ docker run –rm –volumes-from my_container_name -v $(pwd):/backup ubuntu bash -c "cd /var/lib/mysql && tar xvf /backup/backup_db.tar –strip 1"
+
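Review bot: the restore's `--strip 1` does not match the backup's path. `tar cvf ... /var/lib/mysql` stores entries as `var/lib/mysql/...` (tar drops the leading slash), so extracting inside `/var/lib/mysql` with one component stripped produces `/var/lib/mysql/lib/mysql/...`; it needs `--strip-components 3` here (strip 1 is only right for a one-component path such as `/dbdata`). Both `docker run` lines also use typographic dashes (`–rm`, `–volumes-from`, `–strip`) that must be `--`. Finally, tarring a live MySQL data directory yields an inconsistent copy; stop the database container (or take a `mysqldump`) before the backup, and say so next to the command.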
diff --git a/00_blog/00015_Admin/00010_Various-Cheat-Sheets/00105_GNU-Screen-Multiplexer-Keyboard-Shortcuts/index.md b/00_blog/00015_Admin/00010_Various-Cheat-Sheets/00105_GNU-Screen-Multiplexer-Keyboard-Shortcuts/index.md
new file mode 100644
index 0000000..80b24b1
--- /dev/null
+++ b/00_blog/00015_Admin/00010_Various-Cheat-Sheets/00105_GNU-Screen-Multiplexer-Keyboard-Shortcuts/index.md
@@ -0,0 +1,43 @@
+GNU Screen - Keyboard Shortcuts
+=============================================
+
+Invocation
+----------
+ $ screen [-S session_name] # simply start new session
+ $ screen -ls # lists sessions
+ $ screen -r session_name # resume detached session
+ $ screen -d -R session_name # resume session (also detach or create)
+ $ screen -d -RR #resume first session
+
+Shortcuts
+---------
+ ctrl-a c NEW WINDOW
+ ctrl-a n / ctrl-a p NEXT/PREVIOUS
+ ctrl-a d DETACH
+ ctrl-a D D DETACH and LOGOUT
+
+ ctrl-a S SPLIT HORIZ.
+ ctrl-a | SPLIT VERTICAL
+ ctrl-a tab NEXT REGION
+ ctrl-x REMOVE REGION
+ ctrl-a q REMOVE ALL OTHER REGIONS
+ ctrl-a F FIT WINDOW
+
+ ctrl-a c CLEAR SCREEN
+ ctrl-a k KILL WINDOW
+ ctrl-a \ QUIT
+
+ ctrl-a esc COPY/SCROLLBACK MODE
+
+Layout Commands
+---------------
+ ctrl-a : #enter command mode
+ :layout new [title]
+ :layout remove [n|title]
+ :layout next
+ :layout prev
+ :layout show #list layouts
+
+Reference
+---------
+ [1] $ man screen
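Review bot: `ctrl-a c` appears twice, once as NEW WINDOW and once as CLEAR SCREEN; clear is `ctrl-a C` (capital). In the same way REMOVE REGION is `ctrl-a X` (the table says `ctrl-x`, which is not a screen binding at all) and REMOVE ALL OTHER REGIONS is `ctrl-a Q`, not `ctrl-a q` (lowercase q sends XON). `ctrl-a [` is the commonly documented copy/scrollback key and could be listed next to `ctrl-a esc`. Style: the `-d -RR` line is missing the space before `#` that the other invocation lines have.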
diff --git a/00_blog/00015_Admin/00010_Various-Cheat-Sheets/00110_Midnight-Commander-Cheatsheet/index.md b/00_blog/00015_Admin/00010_Various-Cheat-Sheets/00110_Midnight-Commander-Cheatsheet/index.md
new file mode 100644
index 0000000..eedc66a
--- /dev/null
+++ b/00_blog/00015_Admin/00010_Various-Cheat-Sheets/00110_Midnight-Commander-Cheatsheet/index.md
@@ -0,0 +1,61 @@
+###>>>KWD midnight commander cheatsheet, mc cheatsheet, mc shortcuts, midnight commander shortcuts
+###>>>DSC Cheatsheet for Midnight Commander summarizing the most useful shortcuts.
+Midnight Commander Cheatsheet
+=============================
+
+A short cheat-sheet summarizing midnight commander's most useful shortcut keys.
+
+Basic Navigation
+----------------
+ tab switch active panel
+ up/down select previous/next rown
+ return open selected directory
+ alt-o open selected directory on other panel
+
+View
+----
+ alt-. toggle hidden files
+ ctrl-o toggle console
+ alt-t toggle listing mode
+ alt-i sync with other panel
+ ctrl-u swap panels
+
+Miscellaneous
+-------------
+ shift-f6 rename, filling in the current filename
+ insert/ctrl-t/+/\/* selections
+ esc-tab auto complete
+ ctrl-enter / alt-enter copy currently selected filename to console
+ Ctrl + Shift + Enter copy full path
+
+ alt-shift-h show dir history
+ alt-y/alt-u navigate history
+
+ alt+?/alt-s/ctrl-s searches
+
+ ctrl-space calculte size
+ ctrl - x c chmod
+ ctrl - x o chown
+
+Troubleshooting / Extras
+------------------------
+Adding this to your _.bashrc_ will let _mc_ stay in the current directory after exiting:
+
+ alias mc='. /usr/libexec/mc/mc-wrapper.sh'
+
+I run _midgnight commander_ inside _tmux_ and the shifted function keys did not work as
+expected. Use midnight commanders _Learn Keys_ dialog to fix this.
+
+Set default viewer for pdf:
+
+ xdg-mime default evince.desktop application/pdf
+
+Set default editor:
+
+ alias mc='EDITOR=vim'
+
+Reference
+---------
+
+* http://klimer.eu/2015/05/01/use-midnight-commander-like-a-pro/
+* man mc
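Review bot: `alias mc='EDITOR=vim'` does not start mc at all, it only defines an alias that assigns a variable, and it silently replaces the `mc-wrapper.sh` alias given a few lines earlier in the same file. Either `export EDITOR=vim` in .bashrc and keep the single wrapper alias, or fold both into one alias that still ends by sourcing the wrapper. Typos: "rown" → "row", "calculte" → "calculate", "midgnight" → "midnight"; and `ctrl - x c` / `ctrl - x o` should be written `ctrl-x c` / `ctrl-x o` like the rest of the table.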
diff --git a/00_blog/00015_Admin/00010_Various-Cheat-Sheets/00120_GDB/index.md b/00_blog/00015_Admin/00010_Various-Cheat-Sheets/00120_GDB/index.md
new file mode 100644
index 0000000..5aebdf3
--- /dev/null
+++ b/00_blog/00015_Admin/00010_Various-Cheat-Sheets/00120_GDB/index.md
@@ -0,0 +1,29 @@
+# GDB
+
+ http://www.cprogramming.com/debuggers.html
+
+ use gcc or clang with : -ggdb -O0
+
+ h - help
+
+ r - run
+ c - continue
+ n - next
+ s - step
+
+ b - break <line>
+ p - print <var>
+
+ wa - watch <var>
+
+ bt
+ frame <number>
+ list
+ info locals
+
+ set <var> = <value>
+ set substitute-path FROM TO
+
+ call <func>
+
+
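Review bot: `set <var> = <value>` is ambiguous whenever the variable name is also a gdb `set` subcommand (a variable called `width`, `height` or `args`, for instance); `set var <var> = <value>` avoids that and belongs on the sheet. The `b - break <line>` entry could note that `break` also accepts `function` and `file:line`, and `wa`/`watch` only triggers on writes; `rwatch` and `awatch` cover reads.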
diff --git a/00_blog/00015_Admin/00010_Various-Cheat-Sheets/index.md b/00_blog/00015_Admin/00010_Various-Cheat-Sheets/index.md
new file mode 100644
index 0000000..ee779fa
--- /dev/null
+++ b/00_blog/00015_Admin/00010_Various-Cheat-Sheets/index.md
@@ -0,0 +1,3 @@
+Cheat Sheets
+============
+A growing collection of some of my cheat sheets.
diff --git a/00_blog/00015_Admin/00020_Benchmarking-and-Stress-testing/index.md b/00_blog/00015_Admin/00020_Benchmarking-and-Stress-testing/index.md
new file mode 100644
index 0000000..facfc17
--- /dev/null
+++ b/00_blog/00015_Admin/00020_Benchmarking-and-Stress-testing/index.md
@@ -0,0 +1,68 @@
+# Benchmarking
+
+ May 12, 2017
+
+## Tools for Stress Testing your RIG
+
+ Some nice tools to stress-test your computer:
+
+ CPU: Prime95
+ GPU: FurMark
+ RAM: MemTest86+
+ HDD/SSD: S.M.A.R.T
+
+ Ref: http://www.pcworld.com/article/2028882/keep-it-stable-stupid-how-to-stress-test-your-pc-hardware.html
+
+## Networking
+
+ 1. Connected my [laptop] and [desktop] via 5meter cat5e cable -> 1000mbit full duplex link
+ 2. created ~1.5G ramdisks with tmpfs on each.
+ 3. created a 1 giga file with data from /dev/urandom on [desktop]
+ 4. copied file with scp from [desktop] to [laptop]
+ 5. copied file with scp from [laptop] to [desktop]
+ 6. repeated 4 & 5 10 times : average speed ~70+MB/s from desk & 80+MB/s to desk, link stays up all the time. ping around 0.2-0.3ms
+ 7. repeated 1-6 with my other 3meter ethernet cable.
+ 8. tried both direction simultanously which gave a total data throughput even over 100MB/s
+
+## Hard Disk
+
+To get some information about the disk run:
+
+Request identification info directly from the drive, which is displayed in a new expanded format with considerably more detail than with the older -i option.
+
+ $ hdparm -I /dev/sda
+
+Timings
+
+ $ hdparm -tT /dev/sda
+
+Clear Cache
+
+ $ echo 3 > /proc/sys/vm/drop_caches
+
+I am using this block-size and count which results in ~2GB:
+
+ $ dd [...] bs=1048576 count=2048
+
+READ:
+
+ $ dd if=test of=/dev/null
+ $ dd if=/dev/sdX of=/dev/null
+
+WRTIE:
+
+ $ dd if=/dev/zero of=test
+ $ dd if=/dev/zero of=/dev/sdX
+
+smartmontools:
+
+ seatage:
+ Raw_Read_Error_Rate
+ Seek_Error_Rate
+
+ example:
+ % python
+ >>> 200009354607 & 0xFFFFFFFF
+ 2440858991 <---- total number
+ >>> (200009354607 & 0xFFFF00000000) >> 32
+ 46 <--- number of errors
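Review bot: `$ dd if=/dev/zero of=/dev/sdX` overwrites the whole device and is shown without any warning; it needs the same "this destroys your data" note the Fixing-HDD page has. The write figures from `dd if=/dev/zero of=test` measure the page cache rather than the disk unless `conv=fdatasync` or `oflag=direct` is given, and `echo 3 > /proc/sys/vm/drop_caches` needs root: with the `$` prompt shown, `sudo echo 3 > ...` will not work either because the redirection is performed by the unprivileged shell (`sync; echo 3 | sudo tee /proc/sys/vm/drop_caches` does). Typos: "WRTIE" → "WRITE", "seatage" → "Seagate", "simultanously" → "simultaneously", "1 giga file" → "1 GB file".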
diff --git a/00_blog/00015_Admin/00030_Fixing-HDD/index.md b/00_blog/00015_Admin/00030_Fixing-HDD/index.md
new file mode 100644
index 0000000..0bae730
--- /dev/null
+++ b/00_blog/00015_Admin/00030_Fixing-HDD/index.md
@@ -0,0 +1,48 @@
+# Fixing HDD after Free Falling
+
+So you also dropped your hard-disk and some of your secotrs got damaged,
+probably by the head hitting the platter?
+
+Backup all your data.
+
+## smartctl
+
+Try from fastest to slowest to find faulty sector: replace LBAi\_START,LBA\_END with meaningful values.
+
+ smartctl -t [long|conveyence|short|select,LBA_START-LBA_END] -C /dev/sda
+
+## hdparm
+
+Bi-search via –read-sector if complete ranges are affected (as in my case) and then fix them in one step:
+
+ for i in {36312851..36312886}; do hdparm --write-sector $i /dev/sda; done
+
+## Example
+
+Exemplary session fixing one sector:
+
+**WARNING: this will destroy your data !**
+
+ 1) # smartctl -a /dev/sda | egrep 'Pend|Real|Offline_Unc'
+
+ 5 Reallocated_Sector_Ct 0x0033 100 100 036 Pre-fail Always - 4
+ 197 Current_Pending_Sector 0x0012 098 098 000 Old_age Always - 47
+ 198 Offline_Uncorrectable 0x0010 098 098 000 Old_age Offline - 47
+
+ 2) # smartctl -t short /dev/sda
+
+ 3) # smartctl -l selftest /dev/sda
+
+ [...] 1 Short offline Completed: read failure 90% 10632 152076520
+
+ 4) # hdparm --read-sector 152076520 /dev/sda # verification
+
+ [...] reading sector 152076520: FAILED: Input/output error
+
+ 5) # hdparm --write-sector 152076520 /dev/sda
+
+ 6) # smartctl -a /dev/sda | egrep 'Pend|Real|Offline_Unc'
+
+ 5 Reallocated_Sector_Ct 0x0033 100 100 036 Pre-fail Always - 4
+ 197 Current_Pending_Sector 0x0012 098 098 000 Old_age Always - 46
+ 198 Offline_Uncorrectable 0x0010 098 098 000 Old_age Offline - 46
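Review bot: `hdparm --write-sector` refuses to run unless `--yes-i-know-what-i-am-doing` is also passed, so both the `for` loop and step 5 fail as written; add the flag and keep the data-loss warning right next to it. The self-test type is spelled `conveyance`, not `conveyence`, and `LBAi_START` should be `LBA_START`. `smartctl -C` runs the test in captive (foreground) mode, during which the disk is unavailable; that is worth stating before someone runs `-t long -C` on a mounted drive. "Bi-search" → "binary search".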
diff --git a/00_blog/00015_Admin/00040_Oneliners/index.md b/00_blog/00015_Admin/00040_Oneliners/index.md
new file mode 100644
index 0000000..c16a515
--- /dev/null
+++ b/00_blog/00015_Admin/00040_Oneliners/index.md
@@ -0,0 +1,41 @@
+# Oneliners
+
+A Growing Collection of Linux Command Line One-Liners
+
+Please believe me... this collection was really supposed to grow over time...
+
+inside a direcotry show disk usage of all hidden files and directories and sort by size:
+
+ $ du $(ls .* -d | tail -n +3) -hs |sort -h
+
+inside a direcotry show disk usage of all files and directories (also hidden) and sort by size.
+Exclude 'garbage' file.
+
+ $ du . -a -d 1 -h --exclude=garbage | sort -h
+
+Tar all files in current directory, excluding ./DATA and ./.cache
+
+ $ tar --exclude=.cache -cvf home_miguel_20180216.tar .
+
+Find files in ./ARCHIVE NOT belonging to a specific user: miguel
+
+ $ find ARCHIVE/ \! -user miguel
+
+set folder/ permissions to Read/Browse only for owner recursively
+
+ $ sudo chmod -R u=r,g=,o= folder/
+ $ chmod -R u=rX,g=,o= folder/
+
+find all mails from Boban when in the maildir full of mailboxes and print only short headers without bodies:
+
+ $ grepmail -H -B -Y ‘(^TO:|^From:)’ Boban *
+
+not really a one-lier but will print 256 colors in a bash:
+
+ for i in {0..255} ; do
+ printf "\x1b[48;5;%sm%3d\e[0m " "$i" "$i"
+ if (( i == 15 )) || (( i > 15 )) && (( (i-15) % 6 == 0 )); then
+ printf "\n";
+ fi
+ done
+
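Review bot: the tar line's description says "excluding ./DATA and ./.cache" but only `--exclude=.cache` is passed; add `--exclude=DATA`. `sudo chmod -R u=r,g=,o= folder/` strips the execute bit from directories, so even the owner can no longer enter them; the second line with `u=rX` is the correct one and the first should be dropped. `du $(ls .* -d | tail -n +3)` depends on `.` and `..` sorting first and breaks on names containing whitespace; `du -sh .[!.]* ..?* | sort -h` avoids both. The grepmail pattern is wrapped in curly quotes ‘…’ instead of '...', which the shell passes to grepmail literally. Typos: "direcotry" → "directory", "one-lier" → "one-liner".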
diff --git a/00_blog/00015_Admin/00050_Wine-in-LXC/index.md b/00_blog/00015_Admin/00050_Wine-in-LXC/index.md
new file mode 100644
index 0000000..24344e0
--- /dev/null
+++ b/00_blog/00015_Admin/00050_Wine-in-LXC/index.md
@@ -0,0 +1,197 @@
+Wine inside LXC
+===============
+
+Abstract
+--------
+
+Running Wine inside an unpriviliged LXC Container as a secondary user,
+utilizing the host systems OpenGL 3D acceleration and PulseAudio.
+
+Host System
+-----------
+
+* Debian 9 / Stretch
+* Xorg running as primary user "miguel"
+* NVIDIA proprietary drivers (debian's contrib/non-free)
+* PulseAudio up & running as primary user (I run pavucontrol as miguel)
+* A Secondary user "retard2" with uid/gid=1002
+
+Preparations
+------------
+
+Allow access to the display server and audio. Note that you should
+restrict this in a real world setup (e.g. auth-ip-acl):
+
+ migue@host$ xhost + # allow remote X access
+
+add this lines to /etc/pulse/default.pa and restart pulsaudio:
+
+ load-module module-native-protocol-tcp auth-anonymous=1
+ load-module module-zeroconf-publish
+
+Create Container
+----------------
+
+ 1. In order to allow the creation of virutal network bridges as our
+ secondary user, add the following two lines to /etc/lxc/lxc-usernet:
+
+ retard2 veth virbr0 2
+ retard2 veth lxcbr0 10
+
+ 2. Login as retard2 ("su" does not work well with cgroups)
+
+ miguel@host$ sudo machinectl login # than login as retard2
+ retard2@host$ cat /proc/self/cgroup # just check cgroups if you want
+
+ 3. Add subuid subgid mappings to /home/retard2/.config/lxc/default.conf
+ You can check the ranges in /etc/subuid and /etc/subgid:
+
+ lxc.id_map = u 0 1541792 65536
+ lxc.id_map = g 0 1541792 65536
+
+ 4. We are ready to create the lxc container as retard2:
+
+ retard2@host$ lxc-create -n winebox -t download
+
+ Select exactly the same distro / version / arch as you run on the
+ host. i.e. debian / stretch / amd64
+
+ retard2@host$ lxc-ls # assure that "winebox" LXC was created
+
+ 5. Adapt the new config in: ~/.local/share/lxc/winebox/config adding:
+
+ # NET
+ lxc.network.type = veth
+ lxc.network.link = lxcbr0
+ lxc.network.flags = up
+ lxc.network.hwaddr = 00:16:3e:be:3c:5a
+
+ # X
+ lxc.mount.entry = /dev/dri dev/dri none bind,create=dir
+ lxc.mount.entry = /tmp/.X11-unix tmp/.X11-unix none bind,create=dir
+
+ # NVIDIA
+ lxc.mount.entry = /dev/nvidia0 dev/nvidia0 none bind,create=file
+ lxc.mount.entry = /dev/nvidiactl dev/nvidiactl none bind,create=file
+
+ 6. Finally start the container and enter its realm:
+
+ retard2@host$ lxc-start -n winebox
+ retard2@host$ lxc-ls --running # check it is up & running
+ retard2@host$ lxc-attach -n winebox -- su # enter container (as root)
+
+Inside the Container
+--------------------
+
+ 1. Adapt /etc/apt/sources.list to make use of "contrib" and "non-free"
+ and run:
+
+ root@winebox$ apt update
+
+ 2. Get OpenGL running
+
+ root@winebox$ apt upgrade
+ root@winebox$ apt install mesa-utils
+ root@winebox$ apt install xserver-xorg-video-nvidia
+ root@winebox$ DISPLAY=:0 glxgears # check
+ root@winebox$ DISPLAY=:0 glxinfo | grep "direct render" # check
+
+ 3. Get PulseAudio running.
+ Please adapt the IP to the host's lxcbr0 ip address.
+
+ root@winebox$ apt install pavucontrol
+ root@winebox$ DISPLAY=:0 PULSE_SERVER=10.0.5.1 pavucontrol
+
+ At this point we should have accelerated video and audio running from
+ inside our LXC. Well Done!
+
+Wine
+----
+
+A few trivial requirements:
+
+ root@winebox$ apt install wget
+ root@winebox$ apt install gnupg
+ root@winebox$ apt install apt-transport-https
+
+Now let's get some wine accoring to: https://wiki.winehq.org/Debian:
+
+ root@winebox$ sudo dpkg --add-architecture i386
+ root@winebox$ wget -nc https://dl.winehq.org/wine-builds/Release.key
+ root@winebox$ sudo apt-key add Release.key
+
+Add the debian stretch wine repo to your /etc/apt/sources.list:
+
+ deb https://dl.winehq.org/wine-builds/debian/ stretch main
+
+ root@winebox$ apt update
+ root@winebox$ apt-get install --install-recommends winehq-stable
+
+Unfortunatelly wine still depends on the 32-bit versions of some libs so
+we have to replace our 64-bit verions by running:
+
+ root@winebox$ apt install libgl1-nvidia-glx:i386
+
+Restrict Networking
+-------------------
+
+Now You can optionally restrict any communication with the outside world:
+
+ miguel@host$ sudo iptables -F FORWARD #block traffic
+ miguel@host$ sudo iptables -P FORWARD DROP #block traffic
+
+If your host is forwarding traffic you will need to set up some rules.
+
+Finalizing Contianer
+--------------------
+
+ 1. Create a non-root user:
+ root@winebox$ adduser lxc-retard
+
+ 2. Now we can exit the container with :
+ root@winebox$ exit
+
+ 3. Stop the container on the host. This might take some while.
+ retard2@host$ lxc-stop -n winebox
+
+ 4. THIS WOULD BE A VERY GOOD MOMENT TO SNAPSHOT THE CONTIANER
+ FOR LATER REUSE!
+
+Summary
+-------
+
+Congratulations! Now you are running "wine" as an unprivileged user
+inside of an unprivileged container of a secondary user, utlizing your
+hosts hardware acceleration and PulseAudio capabilities.
+
+Optionally traffic forwarding has been blocked, for increased security.
+
+Using the Container
+-------------------
+
+To use your new container you will need to go through the following
+steps each time:
+
+ miguel@host$ xhost +
+ miguel@host$ sudo iptables -F FORWARD #block traffic
+ miguel@host$ sudo iptables -P FORWARD DROP #block traffic
+ miguel$host$ sudo machinectl login # and login as retard2
+
+ retard2@host$ lxc-start -n winebox
+
+Now you can attach to the container as lxc-retard user:
+
+ retard2@host$ lxc-attach -n winebox -- su lxc-retard
+
+Alternatively we can attach as root:
+
+ retard2@host$ lxc-attach -n winebox -- su
+
+Do not forget to stop container once you are finished:
+
+ retard2@host$ lxc-stop -n winebox
+
+Remember that stopping might take a while. Be patient!
+
+Make sure to automate/adapt the process, according to your personal
+preferences and requirements.
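Review bot: `xhost +` and `auth-anonymous=1` on `module-native-protocol-tcp` switch access control off completely (X for every client that can reach the server, PulseAudio for anyone who can reach the TCP port), and the "restrict this in a real world setup" remark should be replaced by the actual commands: `xhost +si:localuser:retard2` admits only the secondary user, and `auth-ip-acl=127.0.0.1;10.0.5.0/24` on the pulse module limits it to the lxcbr0 network. The Summary also needs the main caveat: once `/tmp/.X11-unix` is bind-mounted and access is granted, every process in the container is a full X11 client (X11 has no per-client isolation), so the setup isolates the filesystem and user namespace, not the desktop session. `lxc-attach` already gives a root shell, so `-- su` is redundant. `sudo iptables -F FORWARD` flushes every forward rule on the host, including ones libvirt or Docker installed, which the text only hints at. Typos: "unpriviliged", "virutal", "than login" → "then log in", "Contianer", "utlizing", "Unfortunatelly", "verions", "accoring", "migue@host$", "miguel$host$".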
diff --git a/00_blog/00015_Admin/00070_Password-Management-on-the-Command-Line/index.md b/00_blog/00015_Admin/00070_Password-Management-on-the-Command-Line/index.md
new file mode 100644
index 0000000..1b45b02
--- /dev/null
+++ b/00_blog/00015_Admin/00070_Password-Management-on-the-Command-Line/index.md
@@ -0,0 +1,89 @@
+# Passoword Managemet from the Command Line
+
+ February 8, 2018
+
+Today we will look at some simple, portable yet effective ways to manage
+your passwords from the command line. You will need nothing more than
+**apg** and one of **gnugpg** or **openssl** along with your favorite
+text editor.
+
+~~~~~~~~~~ {.bash}
+apt install apg gnupg openssl
+~~~~~~~~~~
+
+## Generate your Password
+
+Before you can manage your passwords, you will obviously first have to
+generate them. Since your brain might be a very poor random number
+generator you can use `/dev/random` here.
+
+A few examples for generating random passwords with **apg** follow:
+
+~~~~~~~~~~ {.bash}
+# generate a few random passwords with default settings using /dev/random
+apg -c /dev/random
+
+# set password length to 20-30 characters and generate 10 passwords
+apg -m20 -x30 -n10 -c /dev/random
+
+Example output:
+ gootCoHuecJarItOojBouFrag
+ OignisholWulfisOdPearshed
+ fekfedsornUgbacyoimyab
+ ...
+
+# Other useful flags:
+#- a0 pronouncable
+# -a1 random
+
+# If you use -a1 you can specify the symbolset with -M
+# You can combine multiple -M options as in: -MCnS
+
+# -MC / -Mc must/can use small leters set
+# -MC / -Mc must/can use capital symbol set
+# -MN / -Mn must/can use numeral symbol set
+# -MS / -Ms must/can use special symbol set
+
+
+# Finally we can exclude specific characters from the symbol set with -E
+apg -a1 -m10 -MN -E 02345678 -c /dev/random
+
+Example output:
+ 9119191199
+ 9919119919
+ 1199999911
+ ...
+~~~~~~~~~~
+
+## Managing your Password Safe
+
+Just put the passwords in a plaintext file (named mypasswords in the examples below),
+along with related data and encrypt them symmetrically via **gnupg**.
+Decrypt them as needed. You will be prompted for a passphrase in each case.
+
+Note that **gnupg** might cache your password for a few minutes,
+so don’t worry if you can decrypt them without beeing prompted.
+
+~~~~~~~~~~ {.bash}
+#encrypyt. Don't forget to delete the source file
+gpg -c mypasswords
+
+#decrypt and write to STDOUT
+gpg -d mypasswords.gpg
+~~~~~~~~~~
+
+You might prefer openssl, which some claim to be even more portable
+
+~~~~~~~~~~ {.bash}
+#encrypyt. Don't forget to delete the source file
+openssl aes-256-cbc -salt -in mypasswords > mypasswords.aes
+
+#decrypt and write to STDOUT
+openssl aes-256-cbc -d -in mypasswords.aes
+~~~~~~~~~~
+
+Adding, Editing or Deleting a password constitutes simply of the three steps:
+
+* decrypt your password file and save it in a safe place
+* edit the passwordfile as needed with your favorite text editor
+* encrypt the password flie back again
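Review bot: the openssl variant should not be presented as interchangeable with `gpg -c`: `openssl aes-256-cbc` derives the key with the legacy EVP_BytesToKey scheme (a single hash iteration unless `-pbkdf2` is given) and CBC carries no integrity check, so a modified file decrypts to garbage without any error; on OpenSSL 1.1.1 or later add `-pbkdf2 -iter 100000`, and prefer gpg otherwise. "Don't forget to delete the source file" needs the caveat that `rm` does not wipe the plaintext and that editors leave swap and backup files; editing on a tmpfs or piping `gpg -d` straight into the editor avoids the on-disk copy. In the `-M` table the first line is wrong: lowercase letters are `-ML / -Ml`, not `-MC / -Mc`, which is repeated on the following line. Typos: "Passoword Managemet", "gnugpg" → "gnupg", "encrypyt", "beeing", "flie", "leters", "pronouncable", "#- a0" → "# -a0".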
diff --git a/00_blog/00015_Admin/00090_Miguels-KVM-Adventures/index.md b/00_blog/00015_Admin/00090_Miguels-KVM-Adventures/index.md
new file mode 100644
index 0000000..722d20f
--- /dev/null
+++ b/00_blog/00015_Admin/00090_Miguels-KVM-Adventures/index.md
@@ -0,0 +1,220 @@
+Miguel’s KVM Adventures
+=======================
+
+February 7, 2018
+
+Some notes about my explorations of the World of KVM virtualization.
+
+## Abstract
+In my never ending pursuit of abstraction and encapsulation I recently started integrating all of my services into docker containers and deploying them inside virtual kvm guests. This article presents my continues effort to summarize the findings of this ongoing journey, which implies that the following material might be subject to change anytime without notice. This collection of notes and sentimental thoughts comes without any warranty or implication of fitness for any purpose. You have been warned! Now feel free to make use of it.
+
+## Libvirt
+This are the most common virsh commands I use to manage the kvm guests, where _domain_ is simply the name of the targeted guest and _FILE_ the name of a XML file. Remember that libvirt supports other virtualization infrastructure as well (Xen, VMware, QEMU). Most of the options are self-explanatory. With ‘virsh create’ starting a transient domain, that will disappear after shutdown, and the define/start combo resulting in a persistent domain that will even survive host restarts
+
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~ {.bash}
+ virsh create _FILE_ # create domain from xml file
+ virsh destroy _domain_ # forcefully remove domain
+
+ virsh define _FILE_ # define domain from xml file
+ virsh undefine _domain_ # undefine domain
+
+ virsh suspend _domain_ # stop all scheduling
+ virsh resume _domain_ # start scheduling
+
+ virsh start _domain_ # power on domain
+ virsh shutdown _domain_ # send corresponding ACPI signal to guest
+
+ virsh edit _domain_ # edit xml config in place
+
+ virsh autostart _domain_ # set autostart flag
+ virsh autostart _domain_ --disable # unset autostart flag
+ virsh list [--all] [--autostart] # list defined/active/autostart domains
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+## Disk Image
+Most of the guest systems will require some sort of storage. Creating a fresh qcow2 image, to back our virtual disk, is as simple as running:
+
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~ {.bash}
+ qemu-img create -f qcow2 milky.img 200G
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+Do not worry, the image will only take a fraction of the declared space, and will not grow larger than necessary, due to trimming, which will be explained later.
+
+
+## Domain Definition
+Domains, this is how libvirt calls our ‘guests’, can be defined in XML formatted files. This is my minimalistic defintion of the domain ‘milkman’ carrying 8GB RAM and 4 CPUs:
+
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~ {.xml .numberLines}
+ <domain type='kvm'>
+
+ <name>milkman</name>
+ <uuid>504d80ee-1427-11e8-9861-0708f4830f96</uuid>
+
+ <memory unit='KiB'>8388608</memory>
+ <currentMemory unit='KiB'>8388608</currentMemory>
+ <vcpu>4</vcpu>
+
+ <os>
+ <type>hvm</type>
+ <boot dev='hd'/>
+ </os>
+
+ <features>
+ <acpi/>
+ </features>
+
+ <clock offset='utc'/>
+ <on_poweroff>destroy</on_poweroff>
+ <on_reboot>restart</on_reboot>
+ <on_crash>destroy</on_crash>
+
+ <devices>
+
+ <emulator>/usr/bin/kvm</emulator>
+
+ <disk type='file' device='disk'>
+ <driver name='qemu' type='qcow2' discard='unmap' />
+ <source file='/home/miguel/KVM/images/milky.img'/>
+ <target dev='sda' bus='scsi'/>
+ </disk>
+
+ <interface type='bridge'>
+ <source bridge='virbr1'/>
+ <model type='virtio'/>
+ </interface>
+
+ <controller type='scsi' index='0' model='virtio-scsi' />
+
+ <graphics type='vnc' port='55555' autoport='no' listen='::1' />
+
+ </devices>
+
+ </domain>
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+Beside the obvious RAM size and CPU count w specify the underlying qcow2 image, to be used for our emulated hard disk. We also want to specify discard=’unmap’ and make use of a virtio-scsi controller, both to allow trimming. Trimming will be covered in more detail later.
+
+Our virtual machine relies on a virtual bridge virbr1. It is very important to use type=’virtio’ here. The defaults resulted in extremely poor network performance, at least in some of my particular use cases. The setup of the bridge with accompanying parameters is described in the next section about networking.
+
+At the very last we tell the vnc-server to listen on ::1 at port 5555. This values can be also adjusted during run-time as explained later on.
+
+In order to install an operating system we can add a virtual cd-rom along with an iso-image by augmenting the devices section in our XML defintion with the following lines:
+
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~ {.xml .numberLines}
+ <disk type='file' device='cdrom'>
+ <driver name='qemu' type='raw'/>
+ <source file='/home/miguel/KVM/isos/debian-9.3.0-amd64-netinst.iso'/>
+ <target dev='hdc' bus='ide'/>
+ <readonly/>
+ </disk>
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+Make sure to adapt the boot order in the os section by adding an appropriate line, so you end up with this:
+
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~ {.xml .numberLines}
+ <os>
+ <type>hvm</type>
+ <boot dev='cdrom'/>
+ <boot dev='hd'/>
+ </os>
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+## Networking
+Since my primary interface to the virtual machines is SSH, reliable network connectivity is one of the primary foci. IPv4 addresses became scarse so we will not waste any for the host systems virbr1 or eth0. The following diagram illustrates my IPv4 setup of a simple arp proxy utilizing ipv4 forwarding. The guests use their public ipv4 addreses and the ips of the hosts gateway.
+
+![](ipv4.png){.img-fluid}
+
+There is no need to save address space in case of IPv6 since we have a complete /64 IPv6 subnet at our disposal. While only a few guests are accessible by their IPv4 public addresses directly, we have virtually an infinite number of IPv6 addresses. Sidenote: One single /64 IPv6 subnet consists of 2^64 different addresses, which is over four billion times more than there are IPv4 addresses in the whole world! I use just the lower /65 half of our /64 subnet for the guests while the IPv6 address of the hosts NIC lies in the upper half.
+
+My IPv6 setup in /etc/network/interface goes along this lines:
+
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~ {.numberLines}
+ #/etc/network/interfaces
+
+ iface eth0 inet6 static
+ address2a01:6a8:122:5622:8000::88/128
+ gateway fe80::1
+
+ iface virbr1 inet6 static
+ pre-up brctl addbr virbr1
+ address 2a01:6a8:122:5622::3/65
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+All we need to do is activate IPv6 forwarding on the host to let our guests communicate with the world outside.
+
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~ {.bash}
+ sysctl -w net.ipv6.conf.all.forwarding=1
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+And this is how the IPv6 config of a particular guest looks like:
+
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~ {.numberLines}
+ iface ens3 inet6 static
+ address 2a01:6a8:122:5622::13/65
+ gateway 2a01:6a8:122:5622::3
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+Things could be improved further by running a DHCP server, like dnsmasq, to assign the guest addresses, but for now I want to keep it simple.
+
+## VNC
+
+While ssh is perfectly sufficient for most of the time, you sometimes might need to have a look at the frame-buffer console. You can start/stop listening on a specific port or interface with:
+
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~ {.bash}
+ sudo virsh qemu-monitor-command <guest_name> --hmp change vnc <listen_ip>:<port>
+ sudo virsh qemu-monitor-command <guest_name> --hmp change vnc none
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+Interestingly the port is offset by 5900 meaning that e.g. :87 will let the vnc-server listen on port 5987!
+Check it with netstat -tulpn to be sure.
+
+## Backup Running KVM
+
+One of the beautiful things about using virtual machines is the level of control we have over them. We can for instance backup our running machines with almost no downtime using the following approach:
+
+dump config to xml file
+save kvm state (RAM etc.) and stop the guest.
+create an overlay on the underlying qcow2 disk image.
+restore the kvm on the overlay.
+backup the original disk image.
+commit deltas from overlay to the image.
+switch to the image with merged changes and delete deltas.
+
+A downtime will be experienced only between the save and restore steps, while the most time consuming part of the process, backing up the disk, can be delayed. The XML, RAM state and HDD snapshot contain all the data required to re-spawn an identical consistent copy of our virtual machine, as at the time of the backup. NOTE: the clock might cause problems if not adjusted, if some applications rely on it. Ntp can take care of that. A fast and dirty implementation of this technique, for my particular setup, can be found on our gitweb [2]. A more complete but complex solution is Daniel Berteaud’s perl script [3], which I frankly did _not_ test myself.
+
+## Docker Containers
+A common use case is to run docker inside the virtual guests, which makes it an integral part of my ‘KVM Adventures’. I prefer to remap docker’s root user to a non-privileged user of my host, as well as utilize syslog instead of the default json-file driver. This is reflected by the following config:
+
+/etc/docker/daemon.json:
+
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~ {.json .numberLines}
+ {
+ "userns-remap": "miguel",
+ "log-driver": "syslog"
+ }
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+Optionally you can tell rsyslog to log deamon.\* entries into a separate file and adjust logrotation as outlined here [5].
+
+## Miscellaneous
+
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~ {.bash}
+ virt-host-validate # validate host virtualization setup
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+Use this RedHat virtio drivers when you install win10 [6].
+
+* https://fedorapeople.org/groups/virt/virtio-win/direct-downloads/latest-virtio/
+
+Forward ipv4 to an ipv6 only:
+
+socat TCP4-LISTEN:51247,fork,su=nobody TCP6:[2a01:4f8:192:5112::6]:51247
+
+## References
+
+ [1] https://libvirt.org/formatdomain.html
+ [2] https://gitweb.softwarefools.com/?p=miguel/kvm_tools.git
+ [3] http://repo.firewall-services.com/misc/virt/virt-backup.pl
+ [4] https://www.linux-kvm.org/page/Tuning_KVM
+ [5] https://www.wolfe.id.au/2015/05/03/syslog-logging-driver-for-docker/
+ [6] https://www.funtoo.org/Windows_10_Virtualization_with_KVM
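Review bot: the VNC port in the prose ("port 5555") disagrees with the XML (`port='55555'`); pick one. In the `/etc/network/interfaces` block, `address2a01:6a8:122:5622:8000::88/128` is missing the space after `address`, which ifupdown rejects. `sysctl -w net.ipv6.conf.all.forwarding=1` is not persistent across reboots; the same key belongs in `/etc/sysctl.d/`. The VNC section moves the listener from `::1` to an arbitrary `<listen_ip>` through the monitor; say that this exposes an unauthenticated console unless a `passwd` attribute is set on `<graphics>` or the port is only reached through an SSH tunnel. Typos: "defintion", "continues effort" → "continued effort", "scarse" → "scarce", "w specify" → "we specify", "deamon" → "daemon", "This values" → "These values", "This are" → "These are"; the seven backup steps read better as a numbered list.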
diff --git a/00_blog/00015_Admin/00090_Miguels-KVM-Adventures/ipv4.png b/00_blog/00015_Admin/00090_Miguels-KVM-Adventures/ipv4.png
new file mode 100644
index 0000000..3dac4ed
--- /dev/null
+++ b/00_blog/00015_Admin/00090_Miguels-KVM-Adventures/ipv4.png
Binary files differ
diff --git a/00_blog/00015_Admin/index.md b/00_blog/00015_Admin/index.md
new file mode 100644
index 0000000..fe5bd15
--- /dev/null
+++ b/00_blog/00015_Admin/index.md
@@ -0,0 +1,2 @@
+Admin Stuff
+===========