Stuff

config/general/linux-general.md

@@ -159,14 +159,34 @@ breadcrumbs:
 
 #### APT (Debian)
 
-- Find packages depending on the package: `apt rdepends --installed <package>`
-- Quickly add new repo: `add-apt-repository <repo-line`
-    - It will add the line to `/etc/apt/sources.list`, where you can manually remove it again.
-- Keys:
+- Dependencies:
+    - Find packages which this package depends on: `apt depends <package>`
+    - Find packages which depend on this package: `apt rdepends [--installed] <package>`
+- Add repo (simple, not recommended):
+    1. Add key: Download and run `apt-key add <key-file>`.
+    1. Add repo: `add-apt-repository <repo-line>`
+    1. (Note) This will add the line to `/etc/apt/sources.list`, where you can manually remove it again.
+- Add repo (recommended):
+    1. (Note) This method makes sure a repo key is only used to verify packages from that repo and isn't trusted globally. It doesn't prevent the repo from providing malicious versions of packages that should come from elsewere, however.
+    1. Download the key: Download it to `/usr/share/keyrings/<name>.gpg`.
+    1. Add the repo: In `/etc/apt/sources.list.d/<name>.list`, add the repo line and add `[signed-by=/usr/share/keyrings/<name>.gpg]` after `deb` (in the existing square brackets if one exists already).
+    1. Update cache: `apt update`
+- Keys (for authenticating packages):
     - List: `apt-key list`
         - It will also show which file contains it.
+    - Add key (easy): `apt-key add <key-file>`
+    - Add key (alternative): Save the keyring file as `/etc/apt/trusted.gpg.d/<name>.gpg` (or `.asc`).
     - Remvoe key: `apt-key del <key-id>`
         - The 8-digit hex key ID may either be found on `pub` line or as the last 8 hex digits on the continuation line.
+- Preferences:
+    - Used to override package priorities, to control which package version or origin is used (or not).
+    - Preferences are stored in `/etc/apt/preferences` and `/etc/apt/preferences.d/<name>`.
+- Log:
+    - See `/var/log/dpkg.log`.
+- Error handling (when `apt install -f` doesn't fix it):
+    - Always run `apt install -f` afterwards, to make sure the problem is resolved and make sure APT isn't left in an errored state.
+    - If package conflict, force removal of conflicting package: `dpkg -r --force-depends <package>`
+    - If cache trouble, clean the cache: `apt clean` (or `apt autoclean`)
 
 #### Pacman (Arch)
 

config/network/vyos.md

@@ -44,15 +44,15 @@ An example of a full configuration. Except intuitive stuff I forgot to mention.
     1. Hostname: `set system host-name <hostname>`
     1. Domain name: `set system domain-name <domain-name>`
 1. Set the DNS servers: `set system name-server <ip-address>` (for each server)
-1. Set the time zone: `set system time-zone Europe/Oslo` (Norway)
+1. Set the time zone: `set system time-zone Europe/Oslo` (example)
 1. (Optional) Replace the NTP servers:
     1. Remove default NTP servers: `delete system ntp <server>` (for each server)
     1. Add new NTP servers: `set system ntp server ntp.justervesenet.no` (example)
 1. (Optional) Enable Ctrl+Alt+Del reboot: `set system options ctrl-alt-del-action reboot` (or `ignore`)
 1. Set up a plain WAN-facing interface with an IP address (without LAG or VLAN):
-    1. Show all Ethernet interfaces: `run show interfaces ethernet`
+    1. Show all Ethernet interfaces: `run show interfaces ethernet detail`
     1. Enter interface config: `edit interfaces ethernet <if>`
-    1. Set the MAC address for the interface to bind to if missing: `set hw-id <mac-addr>`
+    1. Set the MAC address if missing (from `show int ...`): `set hw-id <mac-addr>`
     1. Set description: `set description <description>`
     1. (Alternative) Set static address (IPv4 + IPv6): `set address <addr>/<prefix-length>`
     1. (Alternative) Set to get IPv4 address from DHCPv4: `set address dhcp`
@@ -107,6 +107,10 @@ An example of a full configuration. Except intuitive stuff I forgot to mention.
         - `set firewall state-policy invalid action drop`
     1. Create IPv4 and IPv6 rule sets. Note that IPv4 and IPv6 rule sets can't share names, so you can suffix the names with `-4` and `-6` to avoid conflict.
     1. Attach rule sets to interfaces (typically "local" and "out").
+1. Set banners:
+    1. (Note) Newlines must be escaped with `\n`.
+    1. Set pre-login banner: `set system login banner pre-login ""` (disable)
+    1. Set post-login banner: `set system logim banner post-login ""`
 1. (Optional) Tuning (bare metal):
     - **TODO** This can be done in the interface ethernet configs instead.
     - See the Linux router notes.

config/virt-cont/k8s.md

@@ -38,17 +38,27 @@ Using **Debian**.
 - Events:
     - Show: `kubectl get events`
 
-## Minikube
+## Notes and Best Practices
+
+- k8s is the foundation for a platform-as-a-service (PaaS), but requires a ton of configuration if self-hosting/on-premise.
+
+## Related Software
+
+**TODO**
+
+## Alternative Variants
+
+### Minikube
 
 Minikube is local Kubernetes, focusing on making it easy to learn and develop for Kubernetes.
 
-### Setup
+#### Setup
 
 1. See: [minikube start (minikube docs)](https://minikube.sigs.k8s.io/docs/start/)
 1. Add `kubectl` symlink: `sudo ln -s $(which minikube) /usr/local/bin/kubectl`
 1. Add command completion: See normal k8s setup instructions.
 
-### Usage
+#### Usage
 
 - Generally all of the normal k8s stuff applies.
 - Generally sudo isn't required.