Cloud/Shahed/AA


SSH

# Open an interactive bash on shahed-aa: -t forces a TTY, -q silences ssh's
# own warnings and diagnostics.
ssh -q -t shahed@shahed-aa.local bash

# Health snapshot in one root shell: memory totals, boot timing, filesystem
# usage, block devices and active swap. The quoted delimiter keeps the calling
# shell from expanding anything in the script body.
sudo bash <<'EXE'
free -th && echo && systemd-analyze && echo
df -h    && echo && lsblk && echo
swapon --show
EXE

WOL

# Refresh the package index, list pending upgrades, then install wakeonlan,
# all inside a single root shell fed from the quoted heredoc.
sudo bash <<'EXE'
apt-get update;echo
apt list -a --upgradable;echo
apt-get install -y wakeonlan;echo
EXE

WOL » MAC » Find

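# Resolve a LAN host to its IPv4 address and read its MAC from the ARP cache.
#   WOL_HOST - host to look up (it must be powered on for this step)
#   WOL_IPV4 - first IPv4 address the resolver returns for WOL_HOST
#   WOL_MACA - hardware address from the matching `arp -n` row, empty if none
WOL_HOST='shahed-an.local'
WOL_IPV4=''
WOL_MACA=''
# The ping only exists to populate the ARP cache; when it fails the entry may
# be missing or stale, so report that instead of printing a blank result.
if ! ping -q -c5 "${WOL_HOST}" >/dev/null; then
  printf 'warning: %s did not answer ping; its ARP entry may be missing\n' "${WOL_HOST}" >&2
fi
# ahostsv4 with NR==1 yields exactly one IPv4 address. `getent hosts` may
# return an IPv6 address or several lines, neither of which `arp -n` accepts.
WOL_IPV4="$(getent ahostsv4 "${WOL_HOST}"|awk 'NR==1 {print $1}')"
if [ -n "${WOL_IPV4}" ]; then
  # Row 2 is the first entry under the header. Requiring a colon in column 3
  # skips "(incomplete)" rows, where column 3 holds the interface name.
  WOL_MACA="$(arp -n "${WOL_IPV4}"|awk 'NR==2 && index($3, ":") {print $3}')"
fi
printf '\n%s » %s » %s\n' "${WOL_HOST}" "${WOL_IPV4}" "${WOL_MACA}"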

WOL » Shahed » AE

# Send a Wake-on-LAN magic packet to this hardware address.
wakeonlan 8c:c6:81:94:70:91

WOL » Shahed » AN

# Send a Wake-on-LAN magic packet to each of the two hardware addresses
# listed for this host (presumably one per network interface).
for wol_mac in 84:47:09:3c:3e:0a 84:47:09:3c:3e:09; do
  wakeonlan "${wol_mac}"
done

Cloudflare » VIRT

# Install a oneshot unit that creates the dummy interface warp0, assigns it
# 10.20.40.1/32 and brings it up; stopping the unit deletes the interface.
# The quoted delimiter guarantees the unit text is written verbatim.
# Note: `ip link add` fails when warp0 already exists, so the unit cannot be
# started while an interface of that name is present.
sudo tee /etc/systemd/system/warp0.service >/dev/null <<'INI'
[Unit]
Description=Cloudflared WARP Routing Virtual Interface
After=network.target
[Service]
Type=oneshot
ExecStart=/usr/sbin/ip link add warp0 type dummy
ExecStartPost=/usr/sbin/ip addr add 10.20.40.1/32 dev warp0
ExecStartPost=/usr/sbin/ip link set warp0 up
ExecStop=/usr/sbin/ip link delete warp0
RemainAfterExit=yes
[Install]
WantedBy=multi-user.target
INI

# Make systemd pick up the new unit file, enable and start warp0.service,
# then show its state.
sudo bash <<'EXE'
systemctl daemon-reload
systemctl enable --now warp0.service
systemctl status       warp0.service
EXE

# List every interface with its addresses; warp0 should appear with
# 10.20.40.1/32 once warp0.service has started.
ip address show

Cloudflare » Argo » Tunnel

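# Download the cloudflared arm64 package, install it, then delete the
# installer whether or not the install ran.
# NOTE(review): the package is trusted purely on the strength of HTTPS to
# github.com; nothing here verifies a checksum or signature. The SHA-256 is
# printed so it can be compared with the value published for the release.
CFD_DEB="${HOME}/Downloads/cloudflared-linux-arm64.deb"
mkdir -p -- "${HOME}/Downloads"
# Start from a clean file: resuming (-c) a stale partial download from a
# moving "latest" URL could splice two different releases together.
rm -f -- "${CFD_DEB}"
# Install only when the download succeeded, so dpkg never sees a partial file.
if wget -q https://github.com/cloudflare/cloudflared/releases/latest/download/cloudflared-linux-arm64.deb -O "${CFD_DEB}"; then
  sha256sum -- "${CFD_DEB}"
  sudo dpkg -i "${CFD_DEB}"
  # Pull in any dependencies dpkg could not resolve on its own.
  sudo apt install -f
else
  printf 'error: cloudflared download failed; nothing installed\n' >&2
fi
rm -f -- "${CFD_DEB}"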

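# Append the cloudflared tunnel kernel settings to /etc/sysctl.conf, once.
# `tee -a` appends blindly, so an unguarded second run would duplicate the
# whole section; the marker check keeps this step repeatable.
# Security note: ping_group_range lets every process whose group ID falls in
# 0-10000 open unprivileged ICMP echo sockets, which is broader than the
# cloudflared account alone.
if ! grep -qF '# Cloudflared Tunnel Private Network Config' /etc/sysctl.conf; then
sudo tee -a /etc/sysctl.conf >/dev/null <<'SYS'

###################################################################
# Cloudflared Tunnel Private Network Config
# This config added by Chorke Academia, Inc
# Group IDs 0 to 10,000 may open unprivileged ICMP echo (ping) sockets
net.ipv4.ping_group_range = 0 10000

# 208 KiB Default RX Buffer
net.core.rmem_default=212992

# 208 KiB Default TX Buffer
net.core.wmem_default=212992

# 8 MB Maximum RX Buffer
net.core.rmem_max=8388608

# 8 MB Maximum TX Buffer
net.core.wmem_max=8388608

SYS
fi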

# Apply the settings in /etc/sysctl.conf to the running kernel.
sudo sysctl --load

Skipped » Find More » 👈

Cloudflare » WARP » Forward

# Edit /etc/sysctl.conf by hand so that the setting shown below is active.
# NOTE(review): ip_forward=1 applies to every interface and makes this host
# route packets between its networks; which traffic actually passes is then
# decided by the firewall's forward/route rules, so review those as well.
sudo vim /etc/sysctl.conf
# Uncomment the next line to enable packet forwarding for IPv4
net.ipv4.ip_forward=1

# Reload /etc/sysctl.conf; the line under the command is its expected output.
sudo sysctl -p
net.ipv4.ip_forward = 1

# Show the default route; the line under the command is sample output and
# gives the LAN gateway, interface and source address of this host.
ip route | grep default
default via 10.19.83.1 dev wlan0 proto dhcp src 10.19.83.68 metric 600

Implement Forward Routing
Name Network Subnets Forward
Network » shahed-aj 10.20.40.10/32 10.20.40.10/32 = 1 ⚪️
Network » shahed-ak 10.20.40.11/32 10.20.40.11/32 = 1 ⚪️
Network » shahed-al 10.20.40.12/32 10.20.40.12/32 = 1
Network » shahed-am 10.20.40.13/32 10.20.40.13/32 = 1
Network » shahed-an 10.20.40.14/32 10.20.40.14/32 = 1 ⚪️

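# Install a oneshot unit that routes two WARP /32 addresses through LAN
# next hops. Differences from a plain add/del pair:
#   - `ip route replace` succeeds even when the route already exists, so a
#     restart or a leftover route does not abort the unit before the second
#     route is installed.
#   - the leading "-" on ExecStop ignores a failed delete, so a route that is
#     already gone does not prevent the other one from being removed.
# The 15 second ExecStartPre sleep is a fixed delay before the routes are
# added, in addition to the network-online.target ordering.
sudo tee /etc/systemd/system/warp-route.service >/dev/null <<'INI'
[Unit]
Description=WARP Routes Over LAN
Wants=network-online.target
After=network-online.target

[Service]
Type=oneshot

ExecStartPre=/bin/sleep 15
ExecStart=/usr/sbin/ip route replace 10.20.40.12/32 via 10.19.83.101
ExecStart=/usr/sbin/ip route replace 10.20.40.13/32 via 10.19.83.100
ExecStop=-/usr/sbin/ip route del 10.20.40.12/32
ExecStop=-/usr/sbin/ip route del 10.20.40.13/32
RemainAfterExit=yes

[Install]
WantedBy=multi-user.target
INI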

# Turn the routes on: reload systemd, print the unit for review, enable and
# start it, then show its state, the routing table and the sysctl values.
sudo bash <<'EXE'
systemctl daemon-reload
cat /etc/systemd/system/warp-route.service
systemctl enable  --now warp-route.service
systemctl status        warp-route.service
echo && ip route show
echo && sysctl -p
EXE

# Trace the path to both routed WARP addresses to confirm that traffic
# leaves through the LAN next hops.
for warp_peer in 10.20.40.12 10.20.40.13; do
  traceroute "${warp_peer}"
done

# Turn the routes off again: reload systemd, print the unit, disable and stop
# it (which runs its ExecStop lines), then show state, routes and sysctls.
sudo bash <<'EXE'
systemctl daemon-reload
cat /etc/systemd/system/warp-route.service
systemctl disable --now warp-route.service
systemctl status        warp-route.service
echo && ip route show
echo && sysctl -p
EXE

LB » HAProxy » Install & Configure

Skipped » Find More » 👈


# Record the firewall state before changing it: ufw's numbered rule list and
# the underlying iptables rules.
sudo ufw status numbered
sudo iptables --list-rules

# Open the ports the HAProxy frontends listen on, keep SSH reachable, and let
# traffic enter and be routed through the LXD bridge lxdbr0.
# NOTE(review): none of the port rules restricts the source, so HTTP (80),
# SMB (445) and the proxied Kubernetes API (8443) are reachable from every
# network this host is attached to. Confirm that is intended; ufw accepts a
# `from <CIDR>` clause to narrow a rule.
# NOTE(review): the CIFS frontend on this page also binds port 139, which has
# no allow rule here.
sudo bash <<'EXE'
ufw       allow 80/tcp
ufw       allow 445/tcp
ufw       allow OpenSSH
ufw       allow 8443/tcp
ufw       allow in  on lxdbr0
ufw route allow in  on lxdbr0
ufw route allow out on lxdbr0
EXE

# Show the firewall state again to confirm which rules are now in place.
sudo ufw status numbered
sudo iptables --list-rules

LB » HAProxy » Frontend » HTTP Config

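# Write the plain-HTTP frontend and enable it by linking it into
# proxy-enabled. Every request on port 80 ends up on the same backend
# (192.168.49.2:80): the host ACL and default_backend name the same target.
sudo tee /etc/haproxy/proxy-configs/shahed.biz-http-all.cfg >/dev/null <<'CFG'

# ##############################################################################
# http frontend config for *.chorke.org, *.chorke.com, *.shahed.biz
# this config added by chorke academia, inc

frontend           fnt_shahed_biz
   bind            *:80
   mode            http

   acl             host-is-k8s-aa-shahed-shahed-biz     hdr(host) -i k8s.aa.shahed.shahed.biz

   use_backend     bck_shahed_biz_shahed_aa_k8s         if host-is-k8s-aa-shahed-shahed-biz
   default_backend bck_shahed_biz_shahed_aa_k8s

backend            bck_shahed_biz_shahed_aa_k8s
   server          shahed_ab_k8s 192.168.49.2:80
   mode            http
CFG
# -f replaces an existing link, so re-running this step does not stop with
# "File exists".
sudo ln -sf /etc/haproxy/proxy-configs/shahed.biz-http-all.cfg /etc/haproxy/proxy-enabled/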

LB » HAProxy » Frontend » CIFS Config

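# Write the TCP passthrough frontends for SMB (ports 139 and 445) towards
# shahed-an.local and enable them by linking the file into proxy-enabled.
# NOTE(review): the file header names 10.20.40.1, but `bind *:139` and
# `bind *:445` listen on every interface, so SMB is offered on the LAN side
# as well unless the firewall blocks it. Confirm this exposure is intended
# before narrowing the bind address.
sudo tee /etc/haproxy/proxy-configs/shahed.biz-tcp-cifs.cfg >/dev/null <<'CFG'

# ##############################################################################
# tcp frontend config for 10.20.40.1:139,445
# this config added by chorke academia, inc

# haproxy:         10.20.40.1:139
frontend           fnt_shahed_biz_shahed_an_139
   bind            *:139
   mode            tcp
   option          tcplog
   option          dontlognull
   default_backend bck_shahed_biz_shahed_an_139

backend            bck_shahed_biz_shahed_an_139
   server          shahed_an shahed-an.local:139
   mode            tcp

# haproxy:         10.20.40.1:445
frontend           fnt_shahed_biz_shahed_an_445
   bind            *:445
   mode            tcp
   option          tcplog
   option          dontlognull
   default_backend bck_shahed_biz_shahed_an_445

backend            bck_shahed_biz_shahed_an_445
   server          shahed_an shahed-an.local:445
   mode            tcp
CFG
# -f replaces an existing link, so re-running this step does not stop with
# "File exists".
sudo ln -sf /etc/haproxy/proxy-configs/shahed.biz-tcp-cifs.cfg /etc/haproxy/proxy-enabled/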

LB » HAProxy » Frontend » Kube API Config

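# Write the TCP passthrough frontend for the minikube API server
# (192.168.49.2:8443) and enable it by linking the file into proxy-enabled.
# In tcp mode HAProxy relays the TLS stream untouched, so authentication is
# left entirely to the API server.
# NOTE(review): the file header names 10.20.40.1, but `bind *:8443` listens
# on every interface, so the Kubernetes API is offered on the LAN side as
# well unless the firewall blocks it. Confirm this exposure is intended.
sudo tee /etc/haproxy/proxy-configs/shahed.biz-tcp-kube.cfg >/dev/null <<'CFG'

# ##############################################################################
# tcp frontend config for 10.20.40.1:8443
# this config added by chorke academia, inc

frontend           fnt_shahed_biz_shahed_aa
   bind            *:8443
   mode            tcp
   option          tcplog
   option          dontlognull
   default_backend bck_shahed_biz_shahed_aa

backend            bck_shahed_biz_shahed_aa
   server          shahed_aa 192.168.49.2:8443
   mode            tcp
CFG
# -f replaces an existing link, so re-running this step does not stop with
# "File exists".
sudo ln -sf /etc/haproxy/proxy-configs/shahed.biz-tcp-kube.cfg /etc/haproxy/proxy-enabled/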

# Review the site's reconfig helper in the editor, then execute it.
# NOTE(review): the script's contents are not shown on this page; presumably
# it rebuilds the HAProxy configuration from proxy-enabled - confirm.
vim /etc/haproxy/proxy-scripts/reconfig
/etc/haproxy/proxy-scripts/reconfig

# Stop minikube, edit its unit so the API server certificate also covers
# 10.20.40.1 (the address the HAProxy frontend is reached on), then start it
# again. Without that IP in the certificate, clients connecting through
# 10.20.40.1:8443 fail TLS verification.
systemctl --now disable minikube.service
vim /etc/systemd/system/minikube.service
# append --apiserver-ips=10.20.40.1 with ExecStart
systemctl --now enable minikube.service

# Log in to shahed-aa with a TTY, then switch to a login shell of the
# minikube account, which owns the cluster certificates.
ssh -q -t shahed@shahed-aa.local bash
sudo --login --user=minikube

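# run this script on the minikube host. copy the generated output and
# execute it on your local machine's terminal to enable monitoring of
# the minikube cluster.
#
# How it works: the outer heredoc is unquoted, so both $( ... ) groups run on
# the minikube host while everything else is printed literally.
#   1. The first group writes a temporary kubeconfig that points at the CA,
#      client certificate and client key by relative path, and prints nothing.
#   2. The second group prints that kubeconfig flattened (certificate and key
#      data inlined) and deletes the temporary file.
# NOTE(review): the generated output therefore contains the minikube client
# private key. Treat the terminal scrollback and clipboard as secret material.
# The generated script creates the local kubeconfig with mode 600 *before*
# writing to it, so the key is never on disk under the default umask; the
# trailing chmod is kept as a second check.

cat << LOG
$(cat <<'YML'| tee ~/.kube/shahed-aa-kubeconfig.yaml >/dev/null
apiVersion: v1
kind: Config
clusters:
- name: minikube
  cluster:
    server: https://10.20.40.1:8443
    certificate-authority: ../.minikube/ca.crt

contexts:
- name: shahed-aa
  context:
    cluster: minikube
    namespace: default
    user: minikube

users:
- name: minikube
  user:
    client-certificate: ../.minikube/profiles/minikube/client.crt
    client-key: ../.minikube/profiles/minikube/client.key

current-context: shahed-aa
YML
)

mkdir -p -m 700 ~/.kube
install -m 600 /dev/null ~/.kube/shahed-aa-kubeconfig.yaml
cat <<'YML'| tee ~/.kube/shahed-aa-kubeconfig.yaml >/dev/null
$(export KUBECONFIG="${HOME}/.kube/shahed-aa-kubeconfig.yaml";\
kubectl config view --flatten;\
rm -- "${KUBECONFIG}";\
)
YML

chmod 600 ~/.kube/shahed-aa-kubeconfig.yaml
  ls -alh ~/.kube/

export KUBECONFIG=~/.kube/shahed-aa-kubeconfig.yaml
kubectl config get-contexts
kubectl get    namespace
$(echo -n)
LOG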

References