Stuff

config/general/computer-testing.md

@@ -24,10 +24,23 @@ breadcrumbs:
 
 ### MemTest86 (Standalone)
 
-- For health error testing.
+- Runs multiple tests and passes over (almost) all the memory to test for errors.
+- Useful for testing bad DIMMs and overclocking stability.
 - Install: [Download](https://www.memtest86.com/download.htm)
     - Use v4 for systems without UEFI support.
-- Not the same as Memtest86+. Memtest86+ is an old fork of Memtest86.
+- Not the same as "Memtest86+". Memtest86+ is an old fork of Memtest86.
+
+### stress-ng (Linux)
+
+- Among other usages, it can test a part of the memory (since the OS is running it obviously can't use everything).
+- Useful for quickly finding severe memory errors without e.g. rebooting into MemTest.
+
+Example usage:
+
+```sh
+# 1 stressor, 75% of memory, with verification, for 10 minutes
+stress-ng --vm 1 --vm-bytes 75% --vm-method all --verify -t 10m -v
+```
 
 ## Storage
 
@@ -43,7 +56,7 @@ breadcrumbs:
     - Note that write performance may sharply degrade after a while when the hardware write cache(s) fill up, so make sure the tests are run for long enough.
     - Examples: See below.
 
-Usage examples:
+Examples usage:
 
 ```sh
 # Sequential, asynchronous, 4kiB, random write

config/general/linux-general.md

@@ -18,6 +18,7 @@ breadcrumbs:
 ### Debian/Ubuntu
 
 - Nobody user and group: `nobody:nogroup`
+- List of default groups: (SystemGroups (Debian Wiki))[https://wiki.debian.org/SystemGroups#Other_System_Groups]
 - Release info file: `/etc/debian_version`
 
 ### RHEL/CentOS

config/hpc/cuda.md

@@ -8,6 +8,11 @@ breadcrumbs:
 
 NVIDIA CUDA (Compute Unified Device Architecture) Toolkit, for programming CUDA-capable GPUs.
 
+### Related Pages
+{:.no_toc}
+
+- [CUDA (software engineering)](/config/se/general/cuda.md)
+
 ## Resources
 
 - [NVIDIA CUDA Installation Guide for Linux (NVIDIA)](https://docs.nvidia.com/cuda/cuda-installation-guide-linux/index.html)
@@ -20,24 +25,22 @@ NVIDIA CUDA (Compute Unified Device Architecture) Toolkit, for programming CUDA-
 ### Linux
 
 The toolkit on Linux can be installed in different ways:
-- Through an an existing package in your distro's repos (simplest and most compatible, but may be outdated).
+
+- Through an an existing package in your distro's repos (simplest and most compatible with other packages, but may be outdated).
 - Through a downloaded package manager package (up to date but may be incompatible with your installed NVIDIA driver).
-- Through a runfile (same as previous but more cross-distro and harder to manage). 
+- Through a runfile (same as previous but more cross-distro and harder to manage).
 
-Note that the toolkit requires a matching NVIDIA driver to be installed.
+If an NVIDIA driver is already installed, it must match the CUDA version.
 
-**Ubuntu (package from main repos):**
+Downloads: [CUDA Toolkit Download (NVIDIA)](https://developer.nvidia.com/cuda-downloads)
 
-1. Update your NVIDIA driver.
-    - Typically through the "Driver Manager" on Ubuntu-based distros, which installs it through the package manager.
-    - Check which version you have installed with `dpkg -l | grep nvidia-driver`.
-1. Install the CUDA toolkit: `apt install nvidia-cuda-toolkit`
+## Usage
 
-**Ubuntu (downloaded package or runfile):**
+### Programming
 
-See [NVIDIA CUDA Installation Guide for Linux (NVIDIA)](https://docs.nvidia.com/cuda/cuda-installation-guide-linux/index.html).
+See [CUDA (software engineering)](/config/se/general/cuda.md).
 
-## Running
+### General Tools
 
 - Gathering system/GPU information with `nvidia-smi`:
     - Show overview: `nvidia-smi`

config/iot-ha/raspberry-pi.md

@@ -17,10 +17,11 @@ breadcrumbs:
 
 ### Installation
 
-1. Download Raspbian: [Download Raspbian (Raspberry Pi)](https://www.raspberrypi.org/downloads/raspbian/)
-    - Use the desktop version for DE and the Lite version for no DE.
+1. Download ~~Raspbian~~ Raspberry Pi OS: [Operating system images (Raspberry Pi)](https://www.raspberrypi.org/software/operating-systems/)
+    - If you don't need a desktop, use "Raspberry Pi OS Lite".
 1. Burn it to the SD card.
     - Make sure the SD card is compatible: [SD Cards (Raspberry Pi)](https://www.raspberrypi.org/documentation/installation/sd-cards.md)
+    - Linux: `dd if=<img-file> of=<sd-dev> bs=4M conv=fdatasync status=progress`
     - Windows: Use Win32DiskImager.
 1. Mount the SD card in the Raspi and power it on.
 
@@ -37,11 +38,11 @@ breadcrumbs:
 ### Basic Setup without Desktop Environment
 
 1. Default credentials: Username `pi`, password `raspberry`.
-1. Configure through the menu: `raspi-config`
-    - Go through all the options.
-    - Locale and default locale: Use `en_US.UTF-8`.
-    - Disable all interfaces except SSH (disable SSH too if not needed).
-    - If a black border is present, disable overscan.
+1. Configure through the menu: `sudo raspi-config`
+    - If a black border is present, disable overscan (**TODO** enable or disable underscan?).
+    - Set the installed locale and default locale to `en_US.UTF-8`.
+    - Fix the keyboard layout.
+    - Enable SSHD.
 1. Upgrade the system and install stuff:
     - Upgrade: `apt update && apt upgrade`
     - Install basics: `apt install vim htop screen`
@@ -60,11 +61,11 @@ breadcrumbs:
 1. Configure SSHD:
     - `PermitRootLogin no`
     - `PasswordAuthentication no`
-    - `AllowTcpForwarding no`
-    - `GatewayPorts no`
-    - `AcceptEnv LANG LC_*`
+    - `#AcceptEnv LANG LC_*` (comment it)
     - Restart `sshd` and try to open a new session.
 1. Remove the MOTD: `> /etc/motd`
+1. Setup firewall:
+    1. **TODO**
 
 ## Applications
 

config/linux-server/applications.md

@@ -637,18 +637,7 @@ Instructions:
 
 #### Textfile Collector
 
-#### Collector Scripts
-
-Some I typically use.
-
-- [apt.sh (Prometheus Community)](https://github.com/prometheus-community/node-exporter-textfile-collector-scripts/blob/master/apt.sh)
-- [yum.sh (Prometheus Community)](https://github.com/prometheus-community/node-exporter-textfile-collector-scripts/blob/master/yum.sh)
-- [deleted_libraries.sh (Prometheus Community)](https://github.com/prometheus-community/node-exporter-textfile-collector-scripts/blob/master/deleted_libraries.py)
-- [ipmitool (Prometheus Community)](https://github.com/prometheus-community/node-exporter-textfile-collector-scripts/blob/master/ipmitool) (requires ipmitool) (**Warning:** This is slow, don't run it frequently. If you do, it may spawn more and more processes waiting to read the IPMI sensors. Run it manually to get a feeling.)
-- [smartmon.sh (Prometheus Community)](https://github.com/prometheus-community/node-exporter-textfile-collector-scripts/blob/master/smartmon.sh) (requires smartctl)
-- [My own textfile exporters](https://github.com/HON95/prometheus-textfile-exporters)
-
-#### Setup and Usage
+##### Setup and Usage
 
 1. Set the collector script output directory using the CLI argument `--collector.textfile.directory=<dir>`.
     - Example dir: `/var/lib/prometheus/node-exporter/`
@@ -661,6 +650,17 @@ Some I typically use.
     - Example cron file: `/etc/cron.d/prometheus-node-exporter-textfile-collectors`
     - Example cron entry: `0 * * * * root /opt/prometheus/node-exporter/textfile-collectors/apt.sh | sponge /var/lib/prometheus/node-exporter/apt.prom`
 
+##### Collector Scripts
+
+Some I typically use.
+
+- [apt.sh (Prometheus Community)](https://github.com/prometheus-community/node-exporter-textfile-collector-scripts/blob/master/apt.sh)
+- [yum.sh (Prometheus Community)](https://github.com/prometheus-community/node-exporter-textfile-collector-scripts/blob/master/yum.sh)
+- [deleted_libraries.sh (Prometheus Community)](https://github.com/prometheus-community/node-exporter-textfile-collector-scripts/blob/master/deleted_libraries.py)
+- [ipmitool (Prometheus Community)](https://github.com/prometheus-community/node-exporter-textfile-collector-scripts/blob/master/ipmitool) (requires ipmitool) (**Warning:** This is slow, don't run it frequently. If you do, it may spawn more and more processes waiting to read the IPMI sensors. Run it manually to get a feeling.)
+- [smartmon.sh (Prometheus Community)](https://github.com/prometheus-community/node-exporter-textfile-collector-scripts/blob/master/smartmon.sh) (requires smartctl)
+- [My own textfile exporters](https://github.com/HON95/prometheus-textfile-exporters)
+
 ### Prometheus Blackbox Exporter
 
 #### Monitor Service Availability
@@ -845,6 +845,42 @@ TFTP_OPTIONS="--create --secure"
 
 See [Ubiquiti UniFi Controllers](/config/network/ubiquiti-unifi-controllers/).
 
+## WireGuard
+
+### Installation
+
+1. Install: `apt install wireguard`
+1. (Debian) Fix broken DNS (using systemd resolved):
+    1. Enable systemd resolved: See [systemd-resolved (Debian server setup)](/config/linux-server/debian/#using-systemd-resolved-alternative-2).
+    1. Fix missing link: `ln -s /usr/bin/resolvectl /usr/local/bin/resolvconf`
+
+### Usage
+
+- Default config path (not world readable): `/etc/wireguard/*.conf`
+- Bring up or down a tunnel based on a config: `wg-quick {up|down} <conf>`
+- Start a tunnel on boot: `systemctl enable wg-quick@wg0.service` (for config `/etc/wireguard/wg0.conf`)
+
+**Example tunnel config**:
+
+```
+[Interface]
+# Generate with "wg genkey"
+PrivateKey = <HIDDEN>
+# Address for the local tunnel interface
+Address = 10.234.0.3/31, 2a0f:9400:800f:ff01::1/127
+DNS = 1.1.1.1, 2606:4700:4700::1111
+
+[Peer]
+# Get with "echo <privkey> | wg pubkey"
+PublicKey = <HIDDEN>
+# Add static route and reverse path filtering
+# "0.0.0.0/0, ::/0" means this will be the default gateway, capturing all traffic
+AllowedIPs = 0.0.0.0/0, ::/0
+Endpoint = vpn.oolacile.hon.systems.:51823
+# Keep the connection alive to keep firewall state alive (not very stealthy, though)
+PersistentKeepalive = 25
+```
+
 ## ZFS
 
 See [Storage: ZFS](/config/linux-server/storage/#zfs).

config/linux-server/debian.md

@@ -66,6 +66,7 @@ If you didn't already configure this during the installation. Typically the case
     - Fix YAML formatting globally: In `/etc/vim/vimrc.local`, add `autocmd FileType yaml setlocal ts=2 sts=2 sw=2 expandtab`.
 1. Add mount options:
     - Setup hidepid:
+        - **TODO** Use existing `adm` group instead of creating a new one?
         - Add PID monitor group: `groupadd -g 500 hidepid` (example GID)
         - Add your personal user to the PID monitor group: `usermod -aG hidepid <user>`
         - Enable hidepid in `/etc/fstab`: `proc /proc proc defaults,hidepid=2,gid=500 0 0`
@@ -123,7 +124,7 @@ If you didn't already configure this during the installation. Typically the case
 1. Check the performance governor and other frequency settings:
     1. Install `linux-cpupower`.
     1. Show: `cpupower frequency-info`
-        - Check the boost state should be on (Intel). 
+        - Check the boost state should be on (Intel).
         - Check the current performance governor (e.g. "powersave", "ondemand" or "performance").
     1. (Optional) Temporarily change performance governor: `cpupower frequency-set -g <governor>`
     1. (Optional) Permanently change performance governor: **TODO**
@@ -190,7 +191,12 @@ The simplest alternative, without any local system caching.
     - `Domains`: A space-separated list of search domains.
 1. (Optional) If you're hosting a DNS server on this machine, set `DNSStubListener=no` to avoid binding to port 53.
 1. Enable the service: `systemctl enable --now systemd-resolved.service`
-1. Point `resolv.conf` to the one generated by systemd: `ln -sf /run/systemd/resolve/stub-resolv.conf /etc/resolv.conf`
+1. Fix `/etc/resolv.conf`:
+    - Note: The systemd-generated one is `/run/systemd/resolve/stub-resolv.conf`.
+    - Note: Simply symlinking `/etc/resolv.conf` to the systemd one will cause dhclient to overwrite it if using DHCP for any interfaces, so don't do that.
+    - Note: This method may cause `/etc/resolv.conf` to become outdated if the systemd one changes for some reason (e.g. if the search domains change).
+    - After configuring and starting resolved, copy (not link) `resolv.conf`: `cp /run/systemd/resolve/stub-resolv.conf /etc/resolv.conf`
+    - Make it immutable so dhclient can't update it: `chattr +i /etc/resolv.conf`
 1. Check status: `resolvectl`
 
 #### NTP
@@ -267,17 +273,35 @@ Everything here is optional.
 
 ## Troubleshooting
 
-- `network-online.target` is stalling during boot:
-    - See all services it depends on: `systemctl show -p WantedBy network-online.target`
-    - Disable the unused services which stall.
-- Firmware for the network card fails to load:
-    - Causes a syslog record like "firmware: failed to load rtl\_nic/rtl8168g-3.fw (-2)" when trying to up the interface.
-    - Might happen after installation even if working initially (for some reason).
-    - Realtek solution: Enable the "non-free" repo and install "firmware-realtek".
-- Perl complains about a locale error:
-    - Test with `perl -e exit`. It will complain if there's an error.
-    - Check the locale: `locale`
-    - Comment `AcceptEnv LANG LC_*` in `/etc/ssh/sshd_config` to prevent clients bringing their own locale.
+**`network-online.target` is stalling during boot**:
+
+- See all services it depends on: `systemctl show -p WantedBy network-online.target`
+- Disable the unused services which stall.
+
+**Firmware for the network card fails to load**:
+
+- Causes a syslog record like "firmware: failed to load rtl\_nic/rtl8168g-3.fw (-2)" when trying to up the interface.
+- Might happen after installation even if working initially (for some reason).
+- Realtek solution: Enable the "non-free" repo and install "firmware-realtek".
+
+**Perl complains about a locale error**:
+
+- Test with `perl -e exit`. It will complain if there's an error.
+- Check the locale: `locale`
+- Comment `AcceptEnv LANG LC_*` in `/etc/ssh/sshd_config` to prevent clients bringing their own locale.
+
+**Boot volume is full**:
+
+- If this failed during a software upgrade, take note of the error.
+- Most of the time `apt auto-remove` should be enough.
+- Manually remove old kernels (if there's still not enough space):
+    - List installed kernels with `dpkg -l | tail -n +6 | egrep 'linux-image-[0-9]+' | grep -Fv $(uname -r)`
+    - `rc` means already removed, `iU` means it’s queued for install, `ii` means eligible for removal.
+    - Remove all kernels marked `ii` by apt-uninstalling `linux-image-X-generic linux-image-X linux-image-X-common`.
+    - Run another `apt auto-remove` just in case (pointless?).
+- Afterwards:
+    - If it ran out of space during an APT software upgrade, run `apt install -f` to fix any packages which failed and maybe a `apt upgrade` in case there's more upgrades.
+    - Make sure the initramfs isn't corrupt (if it ran out of space during an upgrade) by running `update-initramfs -u -k all`.
 
 ## Miscellanea
 

config/virt-cont/docker.md

@@ -76,16 +76,6 @@ Using **Debian**.
 - Disable IPv4 and IPv6 NAT/masquerade for a bridge network: `docker network create <...> -o "com.docker.network.bridge.enable_ip_masquerade=false" <name>`
 - Set the Linux name of a bridge network: `docker network create <...> -o "com.docker.network.bridge.name=<name>" <name>`
 
-## Miscellanea
-
-### IPv6 Support
-
-- TL;DR: Docker doesn't prioritize implementing IPv6 properly.
-- While IPv4 uses IPTables filter rules for firewalling and IPTables NAT rules for masquerading and port forwarding, it generally uses no such mechanisms when enabling IPv6 (using `"ipv6": true`). Setting `"ip6tables": true` (disabled by default) is required to mimic the IPv4 behavior of filtering and NAT-ing. To disable NAT masquerading for both IPv4 and IPv6, set `enable_ip_masquerade=false` on individual networks. Disabling NAT masquerading for only IPv6 is not yet possible. (See [moby/moby #13481](https://github.com/moby/moby/issues/13481), [moby/moby #21951](https://github.com/moby/moby/issues/21951), [moby/moby #25407](https://github.com/moby/moby/issues/25407), [moby/libnetwork #2557](https://github.com/moby/libnetwork/issues/2557).)
-- IPv6-only networks (without IPv4) are not supported. (See [moby/moby #32675](https://github.com/moby/moby/issues/32675), [moby/libnetwork #826](https://github.com/moby/libnetwork/pull/826).)
-- IPv6 communication between containers (ICC) on IPv6-enabled bridges with IP6Tables enabled is broken, due to NDP (using multicast) being blocked by IP6Tables. On non-internal bridges it works fine. One workaround is to not use IPv6 on internal bridges or to not use internal bridges. (See [libnetwork/issues #2626](https://github.com/moby/libnetwork/issues/2626).)
-- The userland proxy (enabled by default, can be disabled) accepts both IPv4 and IPv6 incoming traffic but uses only IPv4 toward containers, which replaces the IPv6 source address with an internal IPv4 address (I'm not sure which), effectively hiding the real address and may bypass certain defences as it's apparently coming from within the local network. It also has other non-IPv6-related problems. (See [moby/moby #11185](https://github.com/moby/moby/issues/11185), [moby/moby #14856](https://github.com/moby/moby/issues/14856), [moby/moby #17666](https://github.com/moby/moby/issues/17666).)
-
 ## Docker Compose
 
 ### Setup
@@ -113,6 +103,24 @@ export TMPDIR=/var/lib/docker-compose-tmp
 /usr/local/bin/docker-compose-normal "$@"
 ```
 
+## NVIDIA Container Toolkit
+
+The toolkit is used for running CUDA applications within containers.
+
+### Setup
+
+See the [installation guide](https://docs.nvidia.com/datacenter/cloud-native/container-toolkit/install-guide.html#docker).
+
+## Miscellanea
+
+### IPv6 Support
+
+- TL;DR: Docker doesn't prioritize implementing IPv6 properly.
+- While IPv4 uses IPTables filter rules for firewalling and IPTables NAT rules for masquerading and port forwarding, it generally uses no such mechanisms when enabling IPv6 (using `"ipv6": true`). Setting `"ip6tables": true` (disabled by default) is required to mimic the IPv4 behavior of filtering and NAT-ing. To disable NAT masquerading for both IPv4 and IPv6, set `enable_ip_masquerade=false` on individual networks. Disabling NAT masquerading for only IPv6 is not yet possible. (See [moby/moby #13481](https://github.com/moby/moby/issues/13481), [moby/moby #21951](https://github.com/moby/moby/issues/21951), [moby/moby #25407](https://github.com/moby/moby/issues/25407), [moby/libnetwork #2557](https://github.com/moby/libnetwork/issues/2557).)
+- IPv6-only networks (without IPv4) are not supported. (See [moby/moby #32675](https://github.com/moby/moby/issues/32675), [moby/libnetwork #826](https://github.com/moby/libnetwork/pull/826).)
+- IPv6 communication between containers (ICC) on IPv6-enabled bridges with IP6Tables enabled is broken, due to NDP (using multicast) being blocked by IP6Tables. On non-internal bridges it works fine. One workaround is to not use IPv6 on internal bridges or to not use internal bridges. (See [libnetwork/issues #2626](https://github.com/moby/libnetwork/issues/2626).)
+- The userland proxy (enabled by default, can be disabled) accepts both IPv4 and IPv6 incoming traffic but uses only IPv4 toward containers, which replaces the IPv6 source address with an internal IPv4 address (I'm not sure which), effectively hiding the real address and may bypass certain defences as it's apparently coming from within the local network. It also has other non-IPv6-related problems. (See [moby/moby #11185](https://github.com/moby/moby/issues/11185), [moby/moby #14856](https://github.com/moby/moby/issues/14856), [moby/moby #17666](https://github.com/moby/moby/issues/17666).)
+
 ## Useful Software
 
 - [watchtower](https://github.com/containrrr/watchtower): Automatically update images and restart containers.

guides/mining/headless-linux-eth-mining/index.md

@@ -0,0 +1,148 @@
+---
+title: Headless Linux ETH Mining
+breadcrumbs:
+- title: Guides
+- title: Mining
+---
+{% include header.md %}
+
+## Overview
+
+This brief guide shows how to setup an ETH miner in a Docker container on a headless Linux (Debian) server using an NVIDIA GPU, as well as how to apply OC and power limiting to the GPU.
+For appropriate values for the GPU clocks and power limit, google it for your specific card to see what others are using.
+Note that I'm using an RTX 3080, [lolMiner](https://github.com/Lolliedieb/lolMiner-releases/releases), [ethermine.org](https://ethermine.org) and my own address for the examples.
+
+## Installation
+
+### NVIDIA Driver (or CUDA)
+
+1. Install the latest NVIDIA driver (or CUDA Toolkit, which includes the driver).
+    - See the [CUDA Toolkit downloads](https://developer.nvidia.com/cuda-downloads).
+    - Using the "deb (network)" method is the simplest IMO.
+1. Make sure the driver works and the GPU is detected: `nvidia-smi`
+
+### X11 (For Fake Display)
+
+1. Install X11 (required for NVIDIA settings): `apt install xorg`
+1. Generate an "empty" X11 configuration (to allow running the NVIDIA settings without a physical screen): `sudo nvidia-xconfig --cool-bits=31 --allow-empty-initial-configuration`
+
+### Docker & NVIDIA Container Runtime
+
+1. Install [Docker](https://docs.docker.com/engine/install/debian/).
+1. Install the [NVIDIA Container Runtime](https://docs.nvidia.com/datacenter/cloud-native/container-toolkit/install-guide.html#docker).
+
+## Download the Miner
+
+1. See the example script below.
+1. Try running it manually (lolMiner example): `lolminer/lolMiner --algo=ETHASH --pool=stratum+ssl://eu1.ethermine.org:5555 --user=0xF6403152cAd46F2224046C9B9F523d690E41Bffd`
+
+Example script:
+
+```sh
+#!/bin/bash
+
+# Script to download and prepare lolMiner.
+
+set -eu
+
+ARCHIVE_DOWNLOAD_URL="https://github.com/Lolliedieb/lolMiner-releases/releases/download/1.26/lolMiner_v1.26_Lin64.tar.gz"
+ARCHIVE_LOCAL_FILE="lolminer.tar.gz"
+LOCAL_DIR="lolminer"
+
+rm -rf "$LOCAL_DIR"
+mkdir "$LOCAL_DIR"
+wget "$ARCHIVE_DOWNLOAD_URL" -O "$ARCHIVE_LOCAL_FILE"
+tar xvf "$ARCHIVE_LOCAL_FILE" -C "$LOCAL_DIR" --strip-components=1
+rm -rf "$ARCHIVE_LOCAL_FILE"
+```
+
+## Overclocking, Power Limiting Etc.
+
+### Manually Doing It
+
+These are also present in the example script below so you don't have to run them manually, but you should run them once manually first to make sure they work regardless.
+To see if they work, run the miner while changing the settings and monitor the hashrate in the miner and the power usage in `nvidia-smi`.
+Note that the `[4]` used in some of the commands may be different for you (it's related to the performance level AFAIK).
+
+1. Start an X11 server in the background or some place (again, for NVIDIA settings): `xinit &`
+1. Enable persistent mode for the card to avoid dropping the settings when nothing is running: `nvidia-smi -i 0 -pm 1`
+1. Set power limit to avoid using more power than needed: `nvidia-smi -i 0 -pl 220` (220W)
+1. Enable PowerMizer mode for preferring maximum performance: `DISPLAY=:0.0 nvidia-settings -c :0 -a "[gpu:0]/GPUPowerMizerMode=1"`
+1. Set GPU memory clock offset: `DISPLAY=:0.0 nvidia-settings -c :0 -a "[gpu:0]/GPUMemoryTransferRateOffset[4]=1000"` (1000MHz)
+1. Set GPU core clock offset: `DISPLAY=:0.0 nvidia-settings -c :0 -a "[gpu:0]//GPUGraphicsClockOffset[4]=-200"` (-200MHz)
+1. (Optional) Set constan fan speed: `DISPLAY=:0.0 nvidia-settings -a "[gpu:0]/GPUFanControlState=1" -a "[fan:0]/GPUTargetFanSpeed=100"` (100%)
+
+### Scripting It
+
+- The script below may be used to automatically apply the OC/power limiting, based on the manual commands above.
+- Since the details depend on the specific system and GPU, run the manual commands first to discover what must be changed and then apply those changes to the script below.
+- In order to apply there on boot you may create a crontab file for it (e.g. `/etc/cron.d/lolminer`), containing something like `@reboot root /srv/lolminer/oc.sh >/dev/null` in order to run the script below.
+
+Example script:
+
+```sh
+#!/bin/bash
+
+# Script to apply OC, power limiting etc.
+
+set -eu
+
+GPU_ID=0
+GPU_POWER_LIMIT=220
+GPU_CORE_CLOCK_OFFSET=-200
+GPU_MEMORY_CLOCK_OFFSET=1000
+XINIT_SLEEP=2
+
+echo
+echo "Starting X11 session in background ..."
+pkill xinit || :
+sleep $XINIT_SLEEP
+xinit >/dev/null 2>&1 &
+sleep $XINIT_SLEEP
+
+echo
+echo "Applying settings ..."
+export DISPLAY=:0.0
+nvidia-smi -i $GPU_ID -pm 1
+nvidia-smi -i $GPU_ID -pl $GPU_POWER_LIMIT
+nvidia-settings -c :0 -a "[gpu:$GPU_ID]/GPUPowerMizerMode=1"
+nvidia-settings -c :0 -a "[gpu:$GPU_ID]/GPUMemoryTransferRateOffset[4]=$GPU_MEMORY_CLOCK_OFFSET"
+nvidia-settings -c :0 -a "[gpu:$GPU_ID]/GPUGraphicsClockOffset[4]=$GPU_CORE_CLOCK_OFFSET"
+#nvidia-settings -a "[gpu:$GPU_ID]/GPUFanControlState=1" -a "[gpu:$GPU_ID]/GPUTargetFanSpeed=100"
+
+echo
+echo "Killing the X11 session ..."
+pkill xinit
+sleep $XINIT_SLEEP
+
+echo
+echo "Done!"
+```
+
+## Setup Docker Container
+
+- See the example script below.
+- Setting `--restart=always` will cause it to restart if it crashes as well as starting automatically on system boot.
+
+```sh
+#!/bin/bash
+
+# Script to start the miner inside a container.
+
+set -eu
+
+DOCKER_NAME="lolminer"
+DOCKER_IMAGE="nvidia/cuda:11.2.2-base"
+DOCKER_COMMAND="\
+/opt/lolminer/lolMiner \
+--nocolor \
+--algo=ETHASH \
+--pool=stratum+ssl://eu1.ethermine.org:5555 \
+--user=0xF6403152cAd46F2224046C9B9F523d690E41Bffd.worker-1 \
+"
+DOCKER_VOLUME="$PWD/lolminer:/opt/lolminer/:ro"
+
+docker run -d --init --gpus all -v "$DOCKER_VOLUME" --restart=unless-stopped --name="$DOCKER_NAME" "$DOCKER_IMAGE" $DOCKER_COMMAND
+```
+
+{% include footer.md %}

index.md

@@ -136,22 +136,22 @@ Random collection of config notes and miscellaneous stuff. _Technically not a wi
 - [Database Management Systems (DBMSes)](se/general/dbmses/)
 - [Software Licensing](se/general/licensing/)
 
+### HPC
+
+- [CUDA](se/general/cuda/)
+
 ### Web
 
 - [Web Security](se/web/security/)
 
 ## Guides
 
-### Network
+### Mining
 
-- [Juniper EX3300 Fan Mod](guides/network/juniper-ex3300-fanmod/)
+- [Headless Linux ETH Mining](guides/mining/headless-linux-eth-mining/)
 
-<!--
-## External Resources
+### Network
 
-- [My miscellaneous configs and scripts](https://github.com/HON95/configs)
-- [My miscellaneous code snippets and dev scripts](https://github.com/HON95/code)
-- [My miscellaneous Ansible playbooks](https://github.com/HON95/ansible-playbooks)
--->
+- [Juniper EX3300 Fan Mod](guides/network/juniper-ex3300-fanmod/)
 
 {% include footer.md %}

se/hpc/cuda.md

@@ -0,0 +1,37 @@
+---
+title: CUDA
+breadcrumbs:
+- title: Software Engineering
+- title: HPC
+---
+{% include header.md %}
+
+### Related Pages
+{:.no_toc}
+
+- [CUDA (configuration)](/config/config/hpc/cuda.md)
+
+## Tools
+
+### CUDA-GDP
+
+**TODO**
+
+### Nsight Compute
+
+- **TODO** Description
+- When it reruns kernels for different tests, it restores the GPU state but not the host state. If this causes incorrect behavior, set `--replay-mode=application` to rerun the entire application instead.
+
+### CUDA-MEMCHECK
+
+- For checking correctness and discovering memory bugs.
+- Example usage: `cuda-memcheck --leak-check full <application>`
+
+### nvprof
+
+- For profiling CUDA applications.
+- No longer supported for devices with compute capability 7.5 and higher. Use Nsight Compute instead.
+- Example usage to show which CUDA calls and kernels tak the longest to run: `sudo nvprof <application>`
+- Example usage to show interesting metrics: `sudo nvprof --metrics "eligible_warps_per_cycle,achieved_occupancy,sm_efficiency,alu_fu_utilization,dram_utilization,inst_replay_overhead,gst_transactions_per_request,l2_utilization,gst_requested_throughput,flop_count_dp,gld_transactions_per_request,global_cache_replay_overhead,flop_dp_efficiency,gld_efficiency,gld_throughput,l2_write_throughput,l2_read_throughput,branch_efficiency,local_memory_overhead" <application>`
+
+{% include footer.md %}