diff --git a/Netgrimoire/Audits/first.md b/Netgrimoire/Audits/first.md
deleted file mode 100644
index 6acbcfc..0000000
--- a/Netgrimoire/Audits/first.md
+++ /dev/null
@@ -1,25 +0,0 @@
----
-title: Untitled Page
-description:
-published: true
-date: 2026-04-01T01:56:08.260Z
-tags:
-editor: markdown
-dateCreated: 2026-04-01T01:50:18.740Z
----
-
-# Header
-dffasdf
-asdf
-asd
-asdf
-asdf
-asdf
-asdf
-asdf
-asdf
-asdf
-asdf
-asdf
-asdf
-asdf
\ No newline at end of file
diff --git a/Netgrimoire/Authentication/ldap-client-setup.md b/Netgrimoire/Authentication/ldap-client-setup.md
index 25fe7f2..f953e1f 100644
--- a/Netgrimoire/Authentication/ldap-client-setup.md
+++ b/Netgrimoire/Authentication/ldap-client-setup.md
@@ -2,7 +2,7 @@
 title: LDAP Client Setup
 description:
 published: true
-date: 2026-02-20T04:33:31.862Z
+date: 2026-01-22T03:36:37.380Z
 tags:
 editor: markdown
 dateCreated: 2026-01-21T13:21:40.588Z
diff --git a/Netgrimoire/Backup/Immich_Backup.md b/Netgrimoire/Backup/Immich_Backup.md
index d56beac..02d15d4 100644
--- a/Netgrimoire/Backup/Immich_Backup.md
+++ b/Netgrimoire/Backup/Immich_Backup.md
@@ -2,7 +2,7 @@
 title: Immich Backup and Restore
 description: Immich backup with Kopia
 published: true
-date: 2026-02-20T04:11:52.181Z
+date: 2026-02-14T23:34:02.017Z
 tags:
 editor: markdown
 dateCreated: 2026-02-14T03:14:32.594Z
diff --git a/Netgrimoire/Backup/MailCow_Backup.md b/Netgrimoire/Backup/MailCow_Backup.md
index 379d88b..0c4313d 100644
--- a/Netgrimoire/Backup/MailCow_Backup.md
+++ b/Netgrimoire/Backup/MailCow_Backup.md
@@ -2,7 +2,7 @@
 title: Mailcow Backup and Restore Strategy
 description: Mailcow backup
 published: true
-date: 2026-02-20T04:15:25.924Z
+date: 2026-02-13T22:23:40.797Z
 tags:
 editor: markdown
 dateCreated: 2026-02-11T01:20:59.127Z
diff --git a/Netgrimoire/Backup/Nextcloud_Backup.md b/Netgrimoire/Backup/Nextcloud_Backup.md
index b124a30..45fc927 100644
--- a/Netgrimoire/Backup/Nextcloud_Backup.md
+++ b/Netgrimoire/Backup/Nextcloud_Backup.md
@@ -2,7 +2,7 @@
 title: Nextcloud Backup
 description: Native + Kopia
 published: true
-date: 2026-02-20T04:19:28.405Z
+date: 2026-02-18T04:40:14.455Z
 tags:
 editor: markdown
 dateCreated: 2026-02-14T23:52:25.405Z
diff --git a/Netgrimoire/Backup/Services_Backup.md b/Netgrimoire/Backup/Services_Backup.md
index c5b0e05..be7b624 100644
--- a/Netgrimoire/Backup/Services_Backup.md
+++ b/Netgrimoire/Backup/Services_Backup.md
@@ -2,7 +2,7 @@
 title: Services Backup
 description:
 published: true
-date: 2026-02-20T04:08:15.923Z
+date: 2026-02-14T23:51:09.146Z
 tags:
 editor: markdown
 dateCreated: 2026-02-05T21:28:23.152Z
diff --git a/Netgrimoire/Backup/Wiki_Backup.md b/Netgrimoire/Backup/Wiki_Backup.md
index 984c64d..8524328 100644
--- a/Netgrimoire/Backup/Wiki_Backup.md
+++ b/Netgrimoire/Backup/Wiki_Backup.md
@@ -2,7 +2,7 @@
 title: Wikijs Backup
 description: Backup Wikijs
 published: true
-date: 2026-02-23T04:35:32.870Z
+date: 2026-02-23T04:35:24.121Z
 tags:
 editor: markdown
 dateCreated: 2026-02-23T04:35:24.121Z
diff --git a/Netgrimoire/Documentation_Standards.md b/Netgrimoire/Documentation_Standards.md
index eea2385..e1f96cb 100644
--- a/Netgrimoire/Documentation_Standards.md
+++ b/Netgrimoire/Documentation_Standards.md
@@ -2,7 +2,7 @@
 title: Netgrimoire Documentation
 description: How to create and use Netgrimoire Docs
 published: true
-date: 2026-02-20T04:16:19.329Z
+date: 2026-02-03T02:54:56.444Z
 tags:
 editor: markdown
 dateCreated: 2026-02-03T02:54:56.444Z
diff --git a/Netgrimoire/Netgrimoire_Theme.md b/Netgrimoire/Netgrimoire_Theme.md
index cc1c185..3adbf7c 100644
--- a/Netgrimoire/Netgrimoire_Theme.md
+++ b/Netgrimoire/Netgrimoire_Theme.md
@@ -2,7 +2,7 @@
 title: Documentation Style Guide
 description: Applying a theme
 published: true
-date: 2026-02-25T21:32:16.786Z
+date: 2026-02-25T21:32:08.276Z
 tags:
 editor: markdown
 dateCreated: 2026-02-24T14:03:00.791Z
diff --git a/Netgrimoire/Network/Port_Assignments.md b/Netgrimoire/Network/Port_Assignments.md
index e08efff..d5046e9 100644
--- a/Netgrimoire/Network/Port_Assignments.md
+++ b/Netgrimoire/Network/Port_Assignments.md
@@ -2,7 +2,7 @@
 title: Port Assignments
 description:
 published: true
-date: 2026-02-20T04:21:52.996Z
+date: 2026-01-27T13:15:17.556Z
 tags:
 editor: markdown
 dateCreated: 2026-01-27T03:42:58.945Z
diff --git a/Netgrimoire/Network/Security/Caddy.md b/Netgrimoire/Network/Security/Caddy.md
index 940f1f8..3f47fc1 100644
--- a/Netgrimoire/Network/Security/Caddy.md
+++ b/Netgrimoire/Network/Security/Caddy.md
@@ -2,7 +2,7 @@
 title: Caddy Reverse Proxy
 description: Curreent and future config
 published: true
-date: 2026-02-25T01:50:20.558Z
+date: 2026-02-25T01:50:11.740Z
 tags:
 editor: markdown
 dateCreated: 2026-02-23T22:09:16.106Z
diff --git a/Netgrimoire/Network/Security/OPnSense_IDS.md b/Netgrimoire/Network/Security/OPnSense_IDS.md
index f9860d8..74b64a1 100644
--- a/Netgrimoire/Network/Security/OPnSense_IDS.md
+++ b/Netgrimoire/Network/Security/OPnSense_IDS.md
@@ -2,7 +2,7 @@
 title: OpnSense-IDS/IPS
 description: IDS
 published: true
-date: 2026-02-23T21:51:49.920Z
+date: 2026-02-23T21:51:41.041Z
 tags:
 editor: markdown
 dateCreated: 2026-02-23T21:49:16.861Z
diff --git a/Netgrimoire/Network/Security/OpnSense_AppInspection.md b/Netgrimoire/Network/Security/OpnSense_AppInspection.md
index 87d95c2..cdb8004 100644
--- a/Netgrimoire/Network/Security/OpnSense_AppInspection.md
+++ b/Netgrimoire/Network/Security/OpnSense_AppInspection.md
@@ -2,7 +2,7 @@
 title: OpnSense - App Protection
 description: App Inspection
 published: true
-date: 2026-02-23T21:52:43.630Z
+date: 2026-02-23T21:52:34.981Z
 tags:
 editor: markdown
 dateCreated: 2026-02-23T21:50:37.324Z
diff --git a/Netgrimoire/Network/Security/OpnSense_Firewall.md b/Netgrimoire/Network/Security/OpnSense_Firewall.md
index 483966f..4d5395d 100644
--- a/Netgrimoire/Network/Security/OpnSense_Firewall.md
+++ b/Netgrimoire/Network/Security/OpnSense_Firewall.md
@@ -2,7 +2,7 @@
 title: OpnSense
 description: Grimoire Firewall Configuration
 published: true
-date: 2026-02-23T21:31:26.008Z
+date: 2026-02-23T21:31:15.244Z
 tags:
 editor: markdown
 dateCreated: 2026-02-23T21:31:15.244Z
diff --git a/Netgrimoire/Network/Security/OpnSense_Git.md b/Netgrimoire/Network/Security/OpnSense_Git.md
index 0061fa4..871bbf2 100644
--- a/Netgrimoire/Network/Security/OpnSense_Git.md
+++ b/Netgrimoire/Network/Security/OpnSense_Git.md
@@ -2,7 +2,7 @@
 title: OpnSense - GIT Integration
 description: Git Integration
 published: true
-date: 2026-02-23T21:53:24.522Z
+date: 2026-02-23T21:53:15.906Z
 tags:
 editor: markdown
 dateCreated: 2026-02-23T21:48:01.779Z
diff --git a/Netgrimoire/Network/Security/OpnSense_Ntfy.md b/Netgrimoire/Network/Security/OpnSense_Ntfy.md
index 5482a9a..091bbfb 100644
--- a/Netgrimoire/Network/Security/OpnSense_Ntfy.md
+++ b/Netgrimoire/Network/Security/OpnSense_Ntfy.md
@@ -2,7 +2,7 @@
 title: OpnSense - NTFY Integration
 description: Security Notifications
 published: true
-date: 2026-02-23T22:00:46.462Z
+date: 2026-02-23T22:00:37.268Z
 tags:
 editor: markdown
 dateCreated: 2026-02-23T22:00:37.268Z
diff --git a/Netgrimoire/Network/Security/opnsense_blocklist.md b/Netgrimoire/Network/Security/opnsense_blocklist.md
index d12aba1..a9fd216 100644
--- a/Netgrimoire/Network/Security/opnsense_blocklist.md
+++ b/Netgrimoire/Network/Security/opnsense_blocklist.md
@@ -2,7 +2,7 @@
 title: Opnsense - Additional Blocklists
 description: Blocklists
 published: true
-date: 2026-02-23T21:54:13.019Z
+date: 2026-02-23T21:54:04.063Z
 tags:
 editor: markdown
 dateCreated: 2026-02-23T21:46:39.562Z
diff --git a/Netgrimoire/Nucking-Futz/Scripts/vhs_restoration.md b/Netgrimoire/Nucking-Futz/Scripts/vhs_restoration.md
index 6c41a4e..8286f1a 100644
--- a/Netgrimoire/Nucking-Futz/Scripts/vhs_restoration.md
+++ b/Netgrimoire/Nucking-Futz/Scripts/vhs_restoration.md
@@ -2,7 +2,7 @@
 title: Video Restoration Script
 description: Restore VHS Video Captures
 published: true
-date: 2026-03-06T03:48:12.713Z
+date: 2026-03-06T03:48:05.841Z
 tags:
 editor: markdown
 dateCreated: 2026-03-06T03:48:05.841Z
diff --git a/Netgrimoire/Nucking-Futz/Services/Stash/Stash-Management.md b/Netgrimoire/Nucking-Futz/Services/Stash/Stash-Management.md
index befe7b4..5f96b30 100644
--- a/Netgrimoire/Nucking-Futz/Services/Stash/Stash-Management.md
+++ b/Netgrimoire/Nucking-Futz/Services/Stash/Stash-Management.md
@@ -2,7 +2,7 @@
 title: Stashapp Workflow
 description:
 published: true
-date: 2026-02-20T04:25:56.467Z
+date: 2026-02-18T13:08:53.604Z
 tags:
 editor: markdown
 dateCreated: 2026-02-18T13:08:53.604Z
diff --git a/Netgrimoire/Pocket/Deployment_Guide.md b/Netgrimoire/Pocket/Deployment_Guide.md
index d7dbe02..cde0cfa 100644
--- a/Netgrimoire/Pocket/Deployment_Guide.md
+++ b/Netgrimoire/Pocket/Deployment_Guide.md
@@ -2,7 +2,7 @@
 title: Pocket Grimoire
 description:
 published: true
-date: 2026-02-26T12:42:50.676Z
+date: 2026-02-22T05:00:02.026Z
 tags:
 editor: markdown
 dateCreated: 2026-02-20T04:41:35.122Z
@@ -354,23 +354,6 @@ sudo raspi-config # System Options → Locale → en_US.UTF-8 ``` -**⚠️ Important: Ubuntu Pi Boot Configuration Note** - -Ubuntu on Raspberry Pi uses a different boot config location than Raspberry Pi OS. - -The active kernel command line is in: -``` -/boot/firmware/current/cmdline.txt -``` - -**Do NOT edit** `/boot/firmware/cmdline.txt` for kernel parameters — that file is only read during `tryboot` scenarios and is ignored on normal boot. - -Any kernel parameters (including USB quirks for drives) must go in `/boot/firmware/current/cmdline.txt` as a single unbroken line. - -This is critical for applying USB storage quirks (see Troubleshooting section if you experience drive issues). - ---- - ### 2. Install VeraCrypt (Optional - For Encrypted Container Files) **VeraCrypt** allows you to mount encrypted container files as virtual drives. This is useful for: 
@@ -2950,86 +2933,6 @@ sudo syncoid vault/Green/Pocket greenpg/Pocket # if greenpg **Best practice:** After first import to Pocket, the pool is permanently `greenpg` -### Kanguru UltraLock UAS Errors / Pool Suspended - -**Symptoms:** -- ZFS pool repeatedly suspending with `error=5` (EIO) -- dmesg showing `uas_eh_abort_handler` every ~30 seconds -- Pool status shows `SUSPENDED` -- Drive resets cycling: `uas_eh_device_reset_handler start/success` repeating - -``` -sd 0:0:0:0: [sda] tag#8 uas_eh_abort_handler 0 uas-tag 3 inflight: CMD IN -scsi host0: uas_eh_device_reset_handler start -scsi host0: uas_eh_device_reset_handler success -WARNING: Pool 'greenpg' has encountered an uncorrectable I/O failure and has been suspended. -``` - -**Root Cause:** - -The Kanguru UltraLock (`idVendor=1e1d, idProduct=2001`) uses the UAS driver by default. The Raspberry Pi 4's xhci USB controller has a known incompatibility with UAS on certain drives. The fix is to force the drive to use the `usb-storage` driver instead via a kernel quirk parameter. 
- -**Fix (Ubuntu Pi — permanent):** - -```bash -# Edit the correct cmdline file (NOT /boot/firmware/cmdline.txt) -sudo nano /boot/firmware/current/cmdline.txt -``` - -Add `usb-storage.quirks=1e1d:2001:u` to the end of the existing single line: - -``` -console=serial0,115200 multipath=off dwc_otg.lpm_enable=0 console=tty1 root=LABEL=writable rootfstype=ext4 panic=10 rootwait fixrtc usb-storage.quirks=1e1d:2001:u -``` - -```bash -# Verify: should show ONE $ at end, no blank lines -cat -A /boot/firmware/current/cmdline.txt - -# Reboot -sudo reboot -``` - -**Verify fix after reboot:** - -```bash -sudo dmesg | grep -i "kanguru\|uas\|usb-storage" | head -10 -``` - -Confirmed working output: -``` -usb 2-2: UAS is ignored for this device, using usb-storage instead -usb-storage 2-2:1.0: USB Mass Storage device detected -usb-storage 2-2:1.0: Quirks match for vid 1e1d pid 2001: 800000 -scsi host0: usb-storage 2-2:1.0 -``` - -**Recover suspended pool after applying fix:** - -```bash -sudo zpool clear greenpg -sudo zfs load-key greenpg/Pocket -sudo zfs mount -a -``` - -If pool has data errors from before the fix: -```bash -sudo zpool status -v greenpg -sudo zpool scrub greenpg -# If metadata errors remain and can't be repaired, destroy and resync from Netgrimoire -``` - -**Why `/boot/firmware/cmdline.txt` doesn't work:** - -On Ubuntu Pi, `/boot/firmware/config.txt` only reads `cmdline=cmdline.txt` under the `[tryboot]` section. The active boot uses `/boot/firmware/current/cmdline.txt` instead. This differs from Raspberry Pi OS where `/boot/firmware/cmdline.txt` is the correct file. - -**Hardware reference:** -- Kanguru UltraLock USB ID: `1e1d:2001` -- Pi 4 USB controller: xhci_hcd (Broadcom BCM2711) -- Issue: xhci + UAS incompatibility on large USB drives - -*Fix discovered and documented during greenpg pool troubleshooting, February 2026* - ### Docker Containers Not Starting ```bash # Check if ZFS pools are mounted first 
diff --git a/Netgrimoire/Pocket/Hardware.md b/Netgrimoire/Pocket/Hardware.md
index e79d702..148bc24 100644
--- a/Netgrimoire/Pocket/Hardware.md
+++ b/Netgrimoire/Pocket/Hardware.md
@@ -2,7 +2,7 @@
 title: Pocket Grimoire - Hardware
 description: Hardware for Pocket Grimoire
 published: true
-date: 2026-02-20T04:29:06.922Z
+date: 2026-02-03T17:22:16.329Z
 tags:
 editor: markdown
 dateCreated: 2026-01-28T23:07:03.685Z
diff --git a/Netgrimoire/Pocket/ONN_Media_Streamer.md b/Netgrimoire/Pocket/ONN_Media_Streamer.md
index 1360020..0b8b2eb 100644
--- a/Netgrimoire/Pocket/ONN_Media_Streamer.md
+++ b/Netgrimoire/Pocket/ONN_Media_Streamer.md
@@ -2,7 +2,7 @@
 title: Stream Box
 description: Configure ONN Media Box
 published: true
-date: 2026-02-20T04:50:44.701Z
+date: 2026-02-20T04:50:34.384Z
 tags:
 editor: markdown
 dateCreated: 2026-02-20T04:50:34.384Z
diff --git a/Netgrimoire/Pocket/Software.md b/Netgrimoire/Pocket/Software.md
index cca1aea..23db941 100644
--- a/Netgrimoire/Pocket/Software.md
+++ b/Netgrimoire/Pocket/Software.md
@@ -2,7 +2,7 @@
 title: Pocket Grimoire Software
 description:
 published: true
-date: 2026-02-20T04:30:28.681Z
+date: 2026-01-29T04:40:00.733Z
 tags:
 editor: markdown
 dateCreated: 2026-01-29T04:37:33.794Z
diff --git a/Netgrimoire/Pocket/Stash_Integration.md b/Netgrimoire/Pocket/Stash_Integration.md
index 12df189..64d1db9 100644
--- a/Netgrimoire/Pocket/Stash_Integration.md
+++ b/Netgrimoire/Pocket/Stash_Integration.md
@@ -2,7 +2,7 @@
 title: Pocket Clips
 description: Integrating Stash
 published: true
-date: 2026-02-22T05:20:31.865Z
+date: 2026-02-22T05:20:21.030Z
 tags:
 editor: markdown
 dateCreated: 2026-02-20T04:48:11.191Z
diff --git a/Netgrimoire/Service_Document_Template.md b/Netgrimoire/Service_Document_Template.md
index 97c2449..ce60e38 100644
--- a/Netgrimoire/Service_Document_Template.md
+++ b/Netgrimoire/Service_Document_Template.md
@@ -2,7 +2,7 @@
 title: Service Documentation Template
 description: Describe the service
 published: true
-date: 2026-02-20T04:24:03.727Z
+date: 2026-02-03T02:57:07.462Z
 tags:
 editor: markdown
 dateCreated: 2026-02-03T02:57:07.462Z
diff --git a/Netgrimoire/Services/AI/Netgrimoire_Agent.md b/Netgrimoire/Services/AI/Netgrimoire_Agent.md
index 7faed64..7abef3a 100644
--- a/Netgrimoire/Services/AI/Netgrimoire_Agent.md
+++ b/Netgrimoire/Services/AI/Netgrimoire_Agent.md
@@ -2,7 +2,7 @@
 title: Ollama with agent
 description: The smart home reference
 published: true
-date: 2026-03-05T02:26:41.506Z
+date: 2026-03-05T02:26:34.682Z
 tags:
 editor: markdown
 dateCreated: 2026-02-18T22:14:41.533Z
diff --git a/Netgrimoire/Services/AI/Readme.md b/Netgrimoire/Services/AI/Readme.md
index 259f23e..943baa8 100644
--- a/Netgrimoire/Services/AI/Readme.md
+++ b/Netgrimoire/Services/AI/Readme.md
@@ -2,7 +2,7 @@
 title: Readme
 description: Readme file generated by AI
 published: true
-date: 2026-03-05T02:28:03.404Z
+date: 2026-03-05T02:27:57.522Z
 tags:
 editor: markdown
 dateCreated: 2026-03-05T02:27:57.522Z
diff --git a/Netgrimoire/Services/Immich/Convert_Immich.md b/Netgrimoire/Services/Immich/Convert_Immich.md
index 3fd78c7..d11925f 100644
--- a/Netgrimoire/Services/Immich/Convert_Immich.md
+++ b/Netgrimoire/Services/Immich/Convert_Immich.md
@@ -2,7 +2,7 @@
 title: Immich on ZFS
 description: Moving Immich to its own ZFS dataset
 published: true
-date: 2026-02-20T04:13:02.502Z
+date: 2026-02-06T15:57:04.261Z
 tags: service zfs immich dataset
 editor: markdown
 dateCreated: 2026-02-06T15:57:04.261Z
diff --git a/Netgrimoire/Services/MailCow/MXRoute_Integration.md b/Netgrimoire/Services/MailCow/MXRoute_Integration.md
index 2995689..ba75a40 100644
--- a/Netgrimoire/Services/MailCow/MXRoute_Integration.md
+++ b/Netgrimoire/Services/MailCow/MXRoute_Integration.md
@@ -2,7 +2,7 @@
 title: Integrating MXRoute with MailCow
 description:
 published: true
-date: 2026-02-25T21:04:37.135Z
+date: 2026-02-25T21:04:26.849Z
 tags:
 editor: markdown
 dateCreated: 2026-02-25T19:22:31.514Z
diff --git a/Netgrimoire/Services/MailCow/MailCOw_Install.md b/Netgrimoire/Services/MailCow/MailCOw_Install.md
index fc7defa..e5ef5cb 100644
--- a/Netgrimoire/Services/MailCow/MailCOw_Install.md
+++ b/Netgrimoire/Services/MailCow/MailCOw_Install.md
@@ -2,7 +2,7 @@
 title: Mailcow Dockerized Install and Config
 description:
 published: true
-date: 2026-02-25T21:05:48.256Z
+date: 2026-02-25T21:05:38.864Z
 tags:
 editor: markdown
 dateCreated: 2026-02-25T21:05:38.864Z
diff --git a/Netgrimoire/Services/MailCow/Mailcow_Hardening.md b/Netgrimoire/Services/MailCow/Mailcow_Hardening.md
index 002eca0..6d921ee 100644
--- a/Netgrimoire/Services/MailCow/Mailcow_Hardening.md
+++ b/Netgrimoire/Services/MailCow/Mailcow_Hardening.md
@@ -2,7 +2,7 @@
 title: MailCow Hardening
 description: Securing Mailcow
 published: true
-date: 2026-02-23T21:56:32.211Z
+date: 2026-02-23T21:56:22.998Z
 tags:
 editor: markdown
 dateCreated: 2026-02-23T21:56:22.997Z
diff --git a/Netgrimoire/Services/MailCow/Mailcow_MXRoute.md b/Netgrimoire/Services/MailCow/Mailcow_MXRoute.md
index 3cb6c4d..11f4e08 100644
--- a/Netgrimoire/Services/MailCow/Mailcow_MXRoute.md
+++ b/Netgrimoire/Services/MailCow/Mailcow_MXRoute.md
@@ -2,7 +2,7 @@
 title: Forwarding Mailcow through MXRoute
 description: Maintaining reputation
 published: true
-date: 2026-02-20T04:10:37.730Z
+date: 2026-02-15T01:42:12.478Z
 tags:
 editor: markdown
 dateCreated: 2026-02-15T01:42:12.478Z
diff --git a/Netgrimoire/Services/MailCow/Sample_Domain_Setup.md b/Netgrimoire/Services/MailCow/Sample_Domain_Setup.md
index 928d920..9022a7d 100644
--- a/Netgrimoire/Services/MailCow/Sample_Domain_Setup.md
+++ b/Netgrimoire/Services/MailCow/Sample_Domain_Setup.md
@@ -2,7 +2,7 @@
 title: Sample Domain Setup
 description: Graymutt@nucking-futz.com
 published: true
-date: 2026-03-16T00:34:08.387Z
+date: 2026-03-16T00:34:02.401Z
 tags:
 editor: markdown
 dateCreated: 2026-02-25T22:02:27.719Z
diff --git a/Netgrimoire/Services/MailCow/mxroute_mailcow.md b/Netgrimoire/Services/MailCow/mxroute_mailcow.md
index 067f1c4..9cedf8b 100644
--- a/Netgrimoire/Services/MailCow/mxroute_mailcow.md
+++ b/Netgrimoire/Services/MailCow/mxroute_mailcow.md
@@ -2,7 +2,7 @@
 title: Recieving Mail thru MXRoute
 description: Trusted receiver
 published: true
-date: 2026-02-25T17:18:16.273Z
+date: 2026-02-25T17:18:07.245Z
 tags:
 editor: markdown
 dateCreated: 2026-02-15T01:44:15.683Z
diff --git a/Netgrimoire/Storage/Kopia.md b/Netgrimoire/Storage/Kopia.md
index f305c67..507489e 100644
--- a/Netgrimoire/Storage/Kopia.md
+++ b/Netgrimoire/Storage/Kopia.md
@@ -2,7 +2,7 @@
 title: Setting Up Kopia
 description:
 published: true
-date: 2026-02-20T04:27:59.823Z
+date: 2026-02-13T17:10:40.442Z
 tags:
 editor: markdown
 dateCreated: 2026-01-23T22:14:17.009Z
diff --git a/Netgrimoire/Storage/Storage_Layout.md b/Netgrimoire/Storage/Storage_Layout.md
index c9e5f64..b622424 100644
--- a/Netgrimoire/Storage/Storage_Layout.md
+++ b/Netgrimoire/Storage/Storage_Layout.md
@@ -2,7 +2,7 @@
 title: Netgrimoire Storage
 description: Where is it at
 published: true
-date: 2026-02-23T18:38:27.621Z
+date: 2026-02-23T18:38:18.651Z
 tags:
 editor: markdown
 dateCreated: 2026-01-22T21:10:37.035Z
diff --git a/Netgrimoire/Storage/ZFS-Commands.md b/Netgrimoire/Storage/ZFS-Commands.md
index 4ed077a..20b1e36 100644
--- a/Netgrimoire/Storage/ZFS-Commands.md
+++ b/Netgrimoire/Storage/ZFS-Commands.md
@@ -2,7 +2,7 @@
 title: ZFS Common Commands
 description: ZFS Commands
 published: true
-date: 2026-02-20T04:26:23.798Z
+date: 2026-02-18T12:38:32.940Z
 tags: zfs commands
 editor: markdown
 dateCreated: 2026-01-31T15:23:07.585Z
diff --git a/Netgrimoire/Storage/ZNAS_NFS_Exports.md b/Netgrimoire/Storage/ZNAS_NFS_Exports.md
index be1b695..9dccbf0 100644
--- a/Netgrimoire/Storage/ZNAS_NFS_Exports.md
+++ b/Netgrimoire/Storage/ZNAS_NFS_Exports.md
@@ -2,7 +2,7 @@
 title: ZFS-NFS-Exports
 description: Exporting NFS shares from ZFS datasets
 published: true
-date: 2026-02-23T21:58:20.626Z
+date: 2026-02-23T21:58:11.949Z
 tags:
 editor: markdown
 dateCreated: 2026-02-01T20:45:40.210Z
diff --git a/Netgrimoire/service_Catalog.md b/Netgrimoire/service_Catalog.md
deleted file mode 100644
index 7386d71..0000000
--- a/Netgrimoire/service_Catalog.md
+++ /dev/null
@@ -1,355 +0,0 @@
----
-title: Netgrimoire Service Catalog
-description: Done or soon to be
-published: true
-date: 2026-03-29T16:05:32.761Z
-tags:
-editor: markdown
-dateCreated: 2026-03-29T16:05:26.168Z
----
-
-# Netgrimoire Service Catalog
-
-> **Living document** — tracks all deployed, configured, and planned services across the Netgrimoire homelab.
-> Source of truth: Forgejo repo — `compose/` = Docker Compose per host | `swarm/` = Docker Swarm | `archive/` = not running
->
-> Status: ✅ Deployed & Configured | 🔧 Deployed, Needs Config | 📋 Planned | 🔍 Evaluating | ❌ Abandoned/Archived
-
----
-
-## 🏗️ Infrastructure Overview
-
-| Host | Role | IP | Runtime |
-|------|------|----|---------|
-| znas | NAS / Primary Swarm node | 192.168.5.10 | Docker Compose + Swarm manager |
-| docker2 | VPN gateway host | — | Docker Compose |
-| docker3 | LibreNMS host | — | Docker Compose |
-| docker4 (hermes) | Mail server host | 192.168.5.16 | Docker Compose |
-| docker5 | Media host | 192.168.5.18 | Docker Compose |
-| Pi4s / NUCs | Swarm worker nodes | various | Docker Swarm workers |
-
----
-
-## 📡 Network & Reverse Proxy
-
-| Status | App | Host / Runtime | URL | Purpose | Notes |
-|--------|-----|----------------|-----|---------|-------|
-| ✅ | OPNsense | Firewall appliance | — | Firewall / Dual-WAN / NAT | ATT igc1 primary; 5 static IPs allocated; legacy WAN retiring |
-| 🔧 | Caddy (new) | znas / Swarm | — | Reverse proxy — CrowdSec edition | `serfriz/caddy-crowdsec-geoip-ratelimit-security-dockerproxy`; migration in progress; `caddy.yaml` |
-| ✅ | Caddy (legacy) | znas / Swarm | — | Reverse proxy | `lucaslorentz/caddy-docker-proxy`; `caddy-1.yaml` |
-| ✅ | Authentik | znas / Swarm | — | SSO / IdP | Protects `*.netgrimoire.com` services |
-| ✅ | Authelia | znas / Swarm | — | SSO / IdP | Protects `*.wasted-bandwidth.net` services |
-| ✅ | WireGuard | OPNsense | — | VPN | Peers: Obie (.2), pncfishandmore (.3), GLNet (.4/.6), PortaPotty (.5) — 192.168.32.0/24 |
-| ✅ | OpenVPN | OPNsense | — | VPN | Configured alongside WireGuard |
-| ✅ | Gluetun | docker2 / Compose | — | VPN gateway container | PIA VPN; Jackett + Transmission share `network_mode: container:gluetun` |
-| ✅ | Internal DNS | 192.168.5.7 | dns.netgrimoire.com | Internal name resolution | Technitium DNS; behind Authentik |
-| ✅ | LLDAP | znas / Swarm | ldap.netgrimoire.com | Lightweight LDAP directory | `lldap/lldap:stable` + postgres; user management backend |
-| 📋 | dnscrypt-proxy | TBD | — | Encrypted upstream DNS | Pending install |
-| 📋 | Suricata | OPNsense | — | IDS/IPS | Pending config |
-| 📋 | Zenarmor | OPNsense | — | Deep packet inspection (free tier) | Pending install |
-| 📋 | os-git-backup | OPNsense | — | OPNsense config backup to git | Pending install |
-
----
-
-## 🔒 Security
-
-| Status | App | Host / Runtime | URL | Purpose | Notes |
-|--------|-----|----------------|-----|---------|-------|
-| ✅ | CrowdSec | OPNsense + Swarm | — | Threat intelligence / IP blocking | OPNsense bouncer active; Caddy bouncer in progress |
-| ✅ | Vaultwarden | znas / Swarm | pass.netgrimoire.com | Password manager | `vaultwarden/server` |
-| 🔧 | CrowdSec Caddy Bouncer | znas / Swarm | — | HTTP-level blocking | Gradual rollout via `caddy.import=crowdsec` label per service |
-| 🔧 | OPNsense Spamhaus + GeoIP | OPNsense | — | IP blocklist / geo-blocking | Currently DISABLED — needs fixing |
-| 📋 | YubiKey PIV (SSH) | All hosts | — | Smartcard SSH authentication | Highest-impact pending integration |
-| 📋 | YubiKey Challenge-Response | znas | — | LUKS / Kopia key derivation | Planned |
-
----
-
-## 📧 Email
-
-| Status | App | Host / Runtime | URL | Purpose | Notes |
-|--------|-----|----------------|-----|---------|-------|
-| ✅ | MailCow | docker4 / Compose | mail.netgrimoire.com + all domains | Self-hosted mail server | hermes.netgrimoire.com; MXRoute inbound filter + outbound relay for all 8 domains |
-| ✅ | Roundcube | docker4 / Swarm | — | Webmail | SSL peer verify disabled for internal dovecot; SRS catch-all aliases configured |
-| ✅ | MXRoute | External | — | Inbound filter + outbound relay | Two DKIM selectors: `mailcow` + `mxroute` |
-| 📋 | Dedicated ATT_Mail IP | OPNsense | — | Separate static IP for mail traffic | Assignment still pending |
-
-**Domains:** netgrimoire.com · pncharris.com · nucking-futz.com · wasted-bandwidth.net · florosafd.org · gnarlypandaproductions.com · pncfishandmore.com · pncharrisenterprises.com
-
----
-
-## 🎬 Media — Video
-
-| Status | App | Host / Runtime | URL | Purpose | Notes |
-|--------|-----|----------------|-----|---------|-------|
-| ✅ | Jellyfin | docker5 / Compose | — | Media server | Port 8096; VAAPI via `/dev/dri`; dedicated static IP 107.133.34.147 |
-| ✅ | Jellyfinx | docker5 / Compose | — | Green Door media server | Port 7096; separate instance; Green + AfterDark library mounts |
-| ✅ | Sonarr | znas / Swarm | — | TV show downloader | `linuxserver/sonarr` |
-| ✅ | Radarr | znas / Swarm | — | Movie downloader | `linuxserver/radarr` |
-| ✅ | Bazarr | znas / Swarm | bazarr.netgrimoire.com | Subtitle management | `linuxserver/bazarr` |
-| ✅ | Tunarr | znas / Swarm | — | IPTV channel creation | `chrisbenincasa/tunarr`; ErsatzTV replacement (ErsatzTV archived Feb 2026) |
-| ✅ | JellySeerr | znas / Swarm | requests.netgrimoire.com | Media request management | `fallenbagel/jellyseerr` |
-| ✅ | JellyStat | znas / Swarm | — | Jellyfin usage statistics | `cyfershepard/jellystat` + postgres |
-| ✅ | TinyMediaManager | znas / Swarm | tmm.netgrimoire.com | Media metadata manager | `tinymediamanager/tinymediamanager` |
-| ✅ | Pinchflat | znas / Swarm | pinchflat.netgrimoire.com | YouTube channel downloader | `kieraneglin/pinchflat` |
-| 📋 | MeTube | TBD | — | YouTube downloader | Needed for Tunarr period-accurate filler sourcing workflow |
-| 🔍 | Wizarr | TBD | — | Jellyfin user onboarding | Evaluating |
-
----
-
-## 🎵 Media — Audio
-
-| Status | App | Host / Runtime | URL | Purpose | Notes |
-|--------|-----|----------------|-----|---------|-------|
-| ✅ | Lidarr | znas / Swarm | — | Music downloader | (Caddy label not found in yaml — likely static Caddyfile entry) |
-| ✅ | Beets | znas / Swarm | beets.netgrimoire.com | Music library tagging | `linuxserver/beets` |
-| 🔍 | Navidrome | TBD | — | Music streaming server | Lightweight Subsonic-compatible |
-| 🔍 | Soularr | TBD | — | Soulseek integration for Lidarr | Strongly recommended; fills gaps Usenet/torrents miss |
-| 🔍 | Tubifarry | TBD | — | Spotify playlists → YouTube → Lidarr | https://github.com/TypNull/Tubifarry |
-
----
-
-## 📚 Media — Books & Comics
-
-| Status | App | Host / Runtime | URL | Purpose | Notes |
-|--------|-----|----------------|-----|---------|-------|
-| ✅ | Calibre | znas / Compose | calibre.netgrimoire.com | Ebook library management | `linuxserver/calibre`; port 7070; behind Authentik; requires `seccomp=unconfined` (Compose-only) |
-| ✅ | Calibre-Web Automated | znas / Swarm | books.netgrimoire.com · books.pncharris.com | Web UI + auto-import | `crocodilestick/calibre-web-automated`; dual-domain Caddy label |
-| ✅ | Calibre-Web (library) | znas / Swarm | — | Secondary Calibre-Web instance | `linuxserver/calibre-web`; hostname `calibre-netgrimoire`; `library.yaml` |
-| ✅ | Readarr | znas / Swarm | — | Book downloader | Using `blampe/rreading-glasses` image |
-| 📋 | Mylar | znas / Swarm | — | Comic book downloader | Not currently running; needs setup soon. Reference `archive/arr.yaml` for old config |
-| ✅ | Kavita | znas / Swarm | kavita.netgrimoire.com | Ebook/comic reader | `jvmilazz0/kavita` |
-| ✅ | Comixed | znas / Swarm | comics.netgrimoire.com | Comic library server | `comixed/comixed` |
-| ✅ | FreshRSS | znas / Swarm | rss.netgrimoire.com | RSS aggregator | `linuxserver/freshrss` |
-| 🔍 | Komga | TBD | — | Comic/manga server | Evaluating vs Kavita/Comixed |
-| 🔍 | MyAnonaMouse | TBD | — | Private ebook tracker | Worth investigating |
-
----
-
-## 📥 Download Stack
-
-| Status | App | Host / Runtime | URL | Purpose | Notes |
-|--------|-----|----------------|-----|---------|-------|
-| ✅ | NZBGet | znas / Swarm | — | Usenet download manager | `linuxserver/nzbget` |
-| ✅ | SABnzbd | znas / Swarm | — | Usenet download manager | `linuxserver/sabnzbd` |
-| ✅ | NZBHydra | znas / Swarm | hydra.netgrimoire.com | Usenet indexer aggregator | `linuxserver/nzbhydra2:dev`; altHUB, NZBGeek, Drunken Slug, Usenet Crawler, DogNZB |
-| ✅ | Jackett | docker2 / Compose | jackett.netgrimoire.com | Torrent indexer | Runs inside Gluetun network; behind Authentik |
-| ✅ | Transmission | docker2 / Compose | — | Torrent client | `network_mode: container:gluetun`; shares Gluetun VPN |
-| ✅ | Recyclarr | znas / Swarm | — | Sonarr/Radarr quality profile sync | `recyclarr/recyclarr` |
-| ✅ | Profilarr | znas / Swarm | profilarr.netgrimoire.com | Quality profile management | `santiagosayshey/profilarr` |
-| ✅ | Configarr | znas / Swarm | configarr.netgrimoire.com | Arr config management | `raydak-labs/configarr` |
-| 📋 | Prowlarr | TBD | — | Unified indexer manager | Low priority — light torrent usage; NZBHydra covers current needs |
-
----
-
-## 🤖 AI & Automation (Gremlin Stack)
-
-> All pinned to `znas` node on Docker Swarm via `swarm/ollama.yaml`.
-
-| Status | App | Host / Runtime | URL | Purpose | Notes |
-|--------|-----|----------------|-----|---------|-------|
-| ✅ | Ollama | znas / Swarm | — | Local LLM inference | CPU-only (Ryzen); 3B–14B models |
-| ✅ | Open WebUI | znas / Swarm | — | Chat interface for Ollama | `ghcr.io/open-webui/open-webui` |
-| ✅ | Qdrant | znas / Swarm | — | Vector database for RAG | Wiki.js / markdown doc search |
-| ✅ | n8n | znas / Swarm | — | Workflow automation | Forgejo webhook → doc gen, compose validation, alert triage |
-| 🔍 | Perplexica | TBD | — | Self-hosted AI search | https://github.com/ItzCrazyKns/Perplexica |
-
----
-
-## ☁️ Files, Notes & Personal Apps
-
-| Status | App | Host / Runtime | URL | Purpose | Notes |
-|--------|-----|----------------|-----|---------|-------|
-| ✅ | Nextcloud AIO | znas / Compose | cloud.netgrimoire.com | File sync / cloud storage | `nextcloud/all-in-one`; data at `/srv/NextCloud-AIO`; Caddy → port 11000 |
-| ✅ | Immich | znas / Compose | immich.netgrimoire.com | Photo management | Port 2283; Postgres dump + Kopia backup; external photo + Nextcloud mounts |
-| ✅ | Joplin Server | znas / Swarm | joplin.netgrimoire.com | Note sync server | `joplin/server` + postgres; Homepage widget configured |
-| ✅ | Vikunja | znas / Swarm | task.netgrimoire.com | Task management | `vikunja/vikunja` + MariaDB |
-| ✅ | Linkding | znas / Swarm | link.netgrimoire.com | Bookmark manager | `sissbruecker/linkding:1.13.0` |
-| ✅ | Mealie | znas / Swarm | recipe.netgrimoire.com | Recipe manager | `ghcr.io/mealie-recipes/mealie` |
-| ✅ | Wallos | znas / Swarm | expense.netgrimoire.com | Subscription / expense tracker | `bellamy/wallos` |
-| ✅ | DailyTxT | znas / Swarm | — | Encrypted diary | `phitux/dailytxt:2.x.x` |
-| ✅ | Bigcapital | docker5 / Compose | accounts.netgrimoire.com | Accounting / invoicing | Static Caddyfile entry; `{{upstreams}}` doesn't work for Compose stacks |
-| ✅ | Scanopy | znas / Swarm | scn.netgrimoire.com | Document scanner | `ghcr.io/scanopy/scanopy` (server + daemon) + postgres |
-| ✅ | Glance | znas / Swarm | home.netgrimoire.com | Alternative dashboard | `glanceapp/glance` |
-| 📋 | Memos | TBD | — | Self-hosted journaling | Preferred journal addition (alongside Joplin for notes) |
-| 🔍 | Wallabag | TBD | — | Read-it-later / article saving | |
-| 🔍 | Fluid Calendar | TBD | — | Self-hosted calendar | https://github.com/dotnetfactory/fluid-calendar |
-| 🔍 | Firefly III | TBD | — | Personal finance / budgeting | |
-| 🔍 | Stirling-PDF | TBD | — | PDF editor / tools | |
-| 🔍 | Excalidraw | TBD | — | Collaborative whiteboard | |
-| 🔍 | Baikal | TBD | — | CalDAV / CardDAV sync | https://sabre.io/baikal/ |
-
----
-
-## 📝 Documentation & Dev
-
-| Status | App | Host / Runtime | URL | Purpose | Notes |
-|--------|-----|----------------|-----|---------|-------|
-| ✅ | Wiki.js | znas / Swarm | wiki.netgrimoire.com | Documentation wiki | `requarks/wiki:2` + postgres; Grimoire theme; Forgejo git backend |
-| ✅ | Draw.io | znas / Swarm | draw.netgrimoire.com | Diagramming | `jgraph/drawio`; co-deployed in `wiki.yaml` |
-| ✅ | Forgejo | znas / Swarm | git.netgrimoire.com | Self-hosted Git | `codeberg.org/forgejo/forgejo:11`; source of truth for Wiki.js + Gremlin |
-| ✅ | Forgejo Runner | znas / Swarm | — | CI/CD | `data.forgejo.org/forgejo/runner:4.0.0`; `gitrunner.yaml` |
-| ✅ | VS Code Server | znas / Swarm | code.netgrimoire.com | Web-based IDE | `linuxserver/code-server` |
-| ✅ | Webtop (ubuntu-kde) | znas / Compose | webtop.netgrimoire.com | Browser-based desktop | Software rendering via llvmpipe; behind Authentik |
-| ✅ | Firefox (container) | znas / Swarm | firefox.netgrimoire.com | Containerized browser | `jlesage/firefox` |
-
----
-
-## 📊 Monitoring & Observability
-
-| Status | App | Host / Runtime | URL | Purpose | Notes |
-|--------|-----|----------------|-----|---------|-------|
-| ✅ | Uptime Kuma | znas / Swarm | — | Service uptime monitoring | `louislam/uptime-kuma:1` |
-| ✅ | AutoKuma | znas / Swarm | — | Auto-create Kuma monitors from labels | `ghcr.io/bigboot/autokuma`; co-deployed in `kuma.yaml` |
-| ✅ | Beszel | znas / Swarm | — | Docker resource monitoring | `henrygd/beszel` hub + agents on all nodes |
-| ✅ | DIUN | znas / Swarm | — | Docker image update notifications | `crazymax/diun`; label-based per-service |
-| ✅ | ntfy | znas / Swarm | ntfy.netgrimoire.com | Push notifications | `binwiederhier/ntfy`; OPNsense alerts via CrowdSec HTTP plugin |
-| ✅ | Dozzle | znas / Swarm | dozzle.netgrimoire.com | Real-time container logs | `amir20/dozzle`; behind Authentik |
-| ✅ | Scrutiny | znas / Compose | scrutiny.netgrimoire.com | Disk S.M.A.R.T. monitoring | `analogj/scrutiny:master-omnibus`; monitors /dev/sda–sdg; behind Authentik |
-| ✅ | Glances | znas / Compose | — | Real-time system stats | `nicolargo/glances`; `network_mode: host`; co-deployed in `monitor.yaml` |
-| ✅ | Graylog | docker4 / Compose | log.netgrimoire.com | Log aggregation | Graylog 6.0 + MongoDB 5 + DataNode (OpenSearch); compose-only (noted in file) |
-| ✅ | LibreNMS | docker3 / Compose | nms.netgrimoire.com | Network/SNMP monitoring | Full stack: librenms + dispatcher + syslog-ng + snmptrapd + MariaDB + Redis; port 8000 |
-| ✅ | Homelable | znas / Compose | — | Infrastructure visualizer | Frontend + Backend via GHCR; MCP deferred (requires build from source) |
-| ✅ | phpIPAM | znas / Swarm | ipam.netgrimoire.com | IP address management | `phpipam/phpipam-www` + cron + MariaDB |
-| ✅ | Homepage | znas / Swarm | — | Primary dashboard | `ghcr.io/gethomepage/homepage` |
-| ✅ | Glance | znas / Swarm | home.netgrimoire.com | Alternative dashboard | `glanceapp/glance` |
-| ✅ | Dockpeek | znas / Swarm | dockpeek.netgrimoire.com | Container inspector | `dockpeek/dockpeek` |
-| ✅ | Loki + Promtail + Grafana | znas / Swarm | — | Metrics/log stack | `logging.yaml`; Grafana 10.4.2 + Loki 2.9.3 + Promtail 2.9.3 |
-| ✅ | phpMyAdmin + phpPgAdmin | znas / Swarm | — | DB admin UIs | `SQL-mgmt.yaml` |
-| ✅ | pgAdmin | znas / Swarm | — | Postgres admin | `dpage/pgadmin4`; `database.yaml` |
-| 🔍 | WatchYourLAN | TBD | — | Network device tracker | https://github.com/aceberg/WatchYourLAN |
-| 🔍 | NUT UPS | TBD | — | UPS power management | https://hub.docker.com/r/instantlinux/nut-upsd |
-| 🔍 | OliveTin | TBD | — | Web button → shell command | Run commands from web UI |
-| 🔍 | Swarm Dashboard | TBD | — | Docker Swarm visualizer | https://github.com/mohsenasm/swarm-dashboard |
-
----
-
-## 💾 Storage & Backup
-
-| Status | App | Host / Runtime | URL | Purpose | Notes |
-|--------|-----|----------------|-----|---------|-------|
-| ✅ | OpenZFS (ZNAS) | znas | — | Primary storage | ~94TB raw, two RAIDZ1 VDEVs; vault pool |
-| ✅ | NFSv4 | znas | — | Shared storage for Swarm | Loopback NFS at `/data/nfs/znas`; ZFS must fully mount before NFS starts |
-| ✅ | Kopia (primary vault) | znas / Swarm | kopia.netgrimoire.com | Primary backup repo | `kopia.yaml`; dedup + replication |
-| ✅ | Kopia (offsite vault) | znas / Swarm | vault.netgrimoire.com | Offsite replication server | `vault.yaml`; port 51516; separate dataset → ZFS raw send to Pi vaults |
-| ✅ | syncoid | znas | — | ZFS replication | Syncs vault/Green/Pocket → Pocket Grimoire |
-| ✅ | Nextcloud AIO BorgBackup | znas | — | Nextcloud-native backup | Local snapshots before Kopia |
-| ✅ | Czkawka | znas / Swarm | dupes.netgrimoire.com | Duplicate file finder | `jlesage/czkawka` |
-| ✅ | Cloud Commander | znas / Swarm | — | Web file manager | `coderaiser/cloudcmd`; **two instances** (`cloudcmd.yaml` + `commander.yaml`) — verify if intentional |
-| ✅ | File Browser | znas / Swarm | — | Web file manager | `filebrowser/filebrowser` |
-| 🔍 | Manyfold | TBD | — | 3D print model collector | https://github.com/manyfold3d/manyfold |
-
----
-
-## 🖥️ Management & Remote Access
-
-| Status | App | Host / Runtime | URL | Purpose | Notes |
-|--------|-----|----------------|-----|---------|-------|
-| ✅ | Portainer | znas / Swarm | docker.netgrimoire.com | Container management UI | `portainer/portainer-ce:2.33.6` + agents on all nodes |
-| ✅ | ISPConfig | 192.168.4.11 | — | Web/DNS hosting control panel | |
-| ✅ | Cockpit | All hosts | win.netgrimoire.com | Linux server management | Caddy → `192.168.5.10:8006` |
-| ✅ | Termix | znas / Swarm | termix.netgrimoire.com | Web-based terminal | `ghcr.io/lukegus/termix` |
-| ✅ | DumbTerm | znas / Swarm | — | Simple web terminal | `dockwareio/dumbterm` |
-| ✅ | Windows 7 (VM) | znas / Compose | — | Windows VM | `dockurr/windows`; `windows7.yaml` |
-| 🔍 | Guacamole | TBD | — | Remote desktop gateway | Previously tried as `nxterm` — in archive |
-| 🔍 | SSHwifty | TBD | — | SSH web client | In archive; reconsidering |
-
----
-
-## 🎭 Green Door (Adult Content)
-
-> Protected behind Authelia (`*.wasted-bandwidth.net`)
-
-| Status | App | Host / Runtime | URL | Purpose | Notes |
-|--------|-----|----------------|-----|---------|-------|
-| ✅ | Whisparr | znas / Swarm | — | Adult content downloader | `ghcr.io/hotio/whisparr` |
-| ✅ | Namer | znas / Compose | namer.wasted-bandwidth.net | Scene file namer | `theporndatabase/namer`; port 6980; data → `/data/nfs/Baxter/Green/` |
-| ✅ | Stash (main) | znas / Compose | stash.wasted-bandwidth.net | Adult content library | `stashapp/stash`; port 9999 |
-| ✅ | PocketStash | znas / Compose | — | Stash for Pocket Grimoire | Separate instance; port 9998; data → `/export/Green/Pocket/`; `pocketstash.yaml` |
-
----
-
-## 🌐 Web Hosting
-
-| Status | App | Host / Runtime | URL | Purpose | Notes |
-|--------|-----|----------------|-----|---------|-------|
-| ✅ | Apache/PHP web | znas / Swarm | fish.pncharris.com · www.wasted-bandwidth.net | Static/PHP web hosting | `php:8.2-apache`; `web.yaml`; replicas: 1 |
-
----
-
-## 📦 Archive (Not Currently Running)
-
-> Files in `archive/` — previously evaluated or deployed, not currently active.
-
-| App | File | Notes |
-|-----|------|-------|
-| Plex | `plex.yaml` | Replaced by Jellyfin |
-| Komodo | `komodo.yaml` | Container management platform — evaluated, not deployed |
-| cAdvisor | `cadvisor.yaml` | Container metrics — not deployed |
-| Peekaping | `peekaping.yaml` | Uptime monitor — Kuma preferred |
-| WatchState | `WatchState.yaml` | Jellyfin/Plex watch state sync |
-| Nessus | `nessus.yaml` | Vulnerability scanner — evaluated |
-| NxTerm | `nxterm.yaml` | Guacamole-style remote desktop — evaluated |
-| SSHwifty | `sshwifty.yaml` | SSH web client — evaluated |
-| Wordpress Classifieds | `wordpress-classifieds.yaml` | Not deployed |
-| Cal (calendar?) | `cal.yaml` | Evaluated |
-| CrowdSec (standalone) | `crowdsec.yaml` | Merged into Caddy stack |
-| Arr stack | `arr.yaml` | Old consolidated arr compose — superseded by individual yamls |
-| Caddyfile.old | `Caddyfile.old` | Legacy Caddyfile |
-
----
-
-## 🗃️ Ideas Backlog
-
-| App | Category | Notes |
-|-----|----------|-------|
-| Soularr | Audio | Soulseek for Lidarr; strongly recommended |
-| Tubifarry | Audio | Spotify → YouTube → Lidarr |
-| MeTube | Video | YouTube downloader for Tunarr filler |
-| Memos | Journal | Preferred self-hosted journal pick |
-| Wallabag | Reading | Read-it-later |
-| Firefly III | Finance | Budgeting |
-| Baikal | PIM | CalDAV/CardDAV |
-| Fluid Calendar | PIM | https://github.com/dotnetfactory/fluid-calendar |
-| Perplexica | AI | Self-hosted AI search |
-| WatchYourLAN | Network | Device tracker |
-| OliveTin | Automation | Web UI → shell commands |
-| Swarm Dashboard | Monitoring | Swarm-aware visualizer |
-| ContainerNursery | Automation | On-demand container start/stop |
-| NUT UPS | Power | UPS management |
-| Wire-pod for Vector | IoT | Anki Vector local server |
-| Kindle reuse | IoT | Repurpose Kindle as weather/info display |
-| Collectarr | Media | https://github.com/RiffSphere/Collectarr |
-| SuggestArr | Media | Automated media recommendations |
-| Recommendarr | Media | AI media recommendations |
-| Manyfold | 3D Print | Model library |
-| OrcaSlicer | 3D Print | Slicer web UI |
-| Memos / Journiv | Journal | Self-hosted journaling (Memos preferred) |
-| Romm | Gaming | ROM library manager |
-| EmulatorJS | Gaming | Browser-based emulation |
-
----
-
-## 🔑 Key Architecture Decisions & Gotchas
-
-> Reference these before deploying or modifying services.
-
-- **MailCow network isolation:** Only `nginx-mailcow` on the `netgrimoire` overlay. All other containers stay on internal bridge. Mixing causes PHP-FPM → Redis DNS conflicts.
-- **caddy-docker-proxy + static Caddyfile conflict:** Never manage the same hostname via both Docker labels AND a static block. Pick one method exclusively per service.
-- **`{{upstreams}}` is Swarm-only:** Does not work for Docker Compose stacks. Use static Caddyfile with container name or pinned IP.
-- **Docker Compose `ports: []` override:** Does not nullify ports from base file. Remap to unused host ports instead.
-- **Graylog is Compose-only:** The `graylog.yaml` file explicitly notes this — do not attempt to run it in Swarm.
-- **Calibre requires `seccomp=unconfined`:** Necessary for the desktop app container; incompatible with Swarm mode — must remain in `compose/znas/`.
-- **Kopia repos not ZFS-separable:** Use separate repositories with independent retention (`kopia.yaml` vs `vault.yaml`) rather than trying to separate at the ZFS snapshot level.
-- **ZFS encryption:** In-place encryption impossible. Use rsync migration + `-w` flag for raw send to Pi vaults (no key needed on vault side).
-- **SRS rewrite:** All domains using MXRoute inbound forwarding require catch-all aliases in MailCow to prevent `reject_unlisted_sender` rejections.
-- **Docker Swarm DNS caching:** Use `endpoint_mode: dnsrr` for internal services; VIP only for published-port services.
-- **NFS boot ordering on znas:** ZFS must fully mount before NFS starts — systemd override required (`After=zfs-import.target zfs-mount.service`). Loopback NFS mount needs `x-systemd.after=nfs-server.service` in fstab.
-- **Wiki.js angle brackets:** `` placeholders cause rendering hangs. Use `VALUE` or backtick format instead.
-- **bcrypt in `.env`:** Wrap full hash in single quotes to preserve leading `$`.
-- **Webtop GPU rendering:** Requires `LIBGL_ALWAYS_SOFTWARE=1` + `GALLIUM_DRIVER=llvmpipe`; remove `devices:/dev/dri` mapping.
-- **Cloud Commander duplication:** Two nearly identical `coderaiser/cloudcmd` stacks exist (`cloudcmd.yaml` + `commander.yaml`) — verify if intentional or a duplicate to clean up.
-- **Lidarr missing Caddy label:** Lidarr yaml has no caddy label — either routed via static Caddyfile or not yet exposed. Confirm and standardize.
-
----
-
-*Last updated: March 2026 | Source: Forgejo repo git archive*
\ No newline at end of file
diff --git a/Work/C9300GX-Port_Breakout.md b/Work/C9300GX-Port_Breakout.md
index 6766fc8..65f353a 100644
--- a/Work/C9300GX-Port_Breakout.md
+++ b/Work/C9300GX-Port_Breakout.md
@@ -2,7 +2,7 @@
 title: Nexus Upgrade port Breakout
 description:
 published: true
-date: 2026-02-20T19:24:28.054Z
+date: 2026-02-20T19:24:19.622Z
 tags:
 editor: markdown
 dateCreated: 2026-02-19T20:55:53.800Z
diff --git a/Work/C9300GX_2_Build.md b/Work/C9300GX_2_Build.md
index f6fc061..cb77c61 100644
--- a/Work/C9300GX_2_Build.md
+++ b/Work/C9300GX_2_Build.md
@@ -2,7 +2,7 @@
 title: C9300GX Initial Build
 description:
 published: true
-date: 2026-02-19T20:54:08.096Z
+date: 2026-02-19T20:53:59.281Z
 tags:
 editor: markdown
 dateCreated: 2026-02-19T20:50:41.541Z
diff --git a/Work/Cisco/NTP_ESS9300.md b/Work/Cisco/NTP_ESS9300.md
deleted file mode 100644
index 78c8228..0000000
--- a/Work/Cisco/NTP_ESS9300.md
+++ /dev/null
@@ -1,899 +0,0 @@ ---- -title: ESS9300 NTP -description: -published: true -date: 2026-03-31T21:25:14.679Z -tags: -editor: markdown -dateCreated: 2026-03-31T21:25:08.700Z ---- - -# Cisco ESS 9300 (IE-9300) NTP Configuration and Troubleshooting Guide - -## Overview - -This guide provides complete NTP (Network Time Protocol) configuration steps and troubleshooting procedures for the Cisco Catalyst ESS 9300 (IE-9300) industrial Ethernet switch running IOS-XE. Accurate time synchronization is critical for logging, AAA, certificates, syslog correlation, and distributed system troubleshooting. - ---- - -## NTP Configuration - -### Basic NTP Server Configuration - -```cisco -configure terminal - -! Configure NTP servers (use multiple servers for redundancy) -ntp server 10.1.1.10 prefer -ntp server 10.1.1.11 -ntp server 192.0.2.1 - -! Configure NTP source interface (optional but recommended) -ntp source GigabitEthernet1/1 - -! Alternatively, use management interface if configured -! ntp source GigabitEthernet0/0 - -! Set timezone (adjust to your location) -clock timezone EST -5 0 - -! Configure daylight saving time (if applicable) -clock summer-time EDT recurring 2 Sun Mar 2:00 1 Sun Nov 2:00 - -! Save configuration -end -write memory -``` - -### NTP Authentication (Recommended for Production) - -```cisco -configure terminal - -! Enable NTP authentication -ntp authenticate - -! Create authentication keys (key ID 1-65535) -ntp authentication-key 1 md5 YourSecureKey123 -ntp authentication-key 2 md5 AnotherSecureKey456 - -! Specify trusted keys -ntp trusted-key 1 -ntp trusted-key 2 - -! Apply authentication to NTP servers -ntp server 10.1.1.10 prefer key 1 -ntp server 10.1.1.11 key 2 - -end -write memory -``` - -### NTP Access Control (Security Best Practice) - -```cisco -configure terminal - -! Define access control for NTP -! peer: Allow time sync from these sources -! serve: Respond to time requests from these sources -! 
serve-only: Respond to requests but don't sync from them -! query-only: Allow status queries only - -ntp access-group peer 10 -ntp access-group serve 20 -ntp access-group query-only 30 - -! Create access lists -access-list 10 remark NTP Peers - Allow sync -access-list 10 permit 10.1.1.0 0.0.0.255 - -access-list 20 remark NTP Serve - Respond to requests -access-list 20 permit 10.0.0.0 0.255.255.255 - -access-list 30 remark NTP Query - Status queries only -access-list 30 permit 192.168.0.0 0.0.255.255 - -end -write memory -``` - -### NTP Master Configuration (Switch as Time Source) - -```cisco -configure terminal - -! Configure switch as NTP master (stratum level) -! Only use if external NTP servers are unavailable -ntp master 8 - -! This makes the switch authoritative at stratum 8 -! Lower stratum = higher priority (1 is highest, typically atomic clocks) -! Use stratum 8-15 for internal masters - -end -write memory -``` - -### Advanced NTP Configuration - -```cisco -configure terminal - -! Update calendar from NTP (hardware clock sync) -ntp update-calendar - -! Disable NTP on specific interfaces (if needed) -interface GigabitEthernet1/10 - ntp disable - exit - -! Configure NTP broadcast (server mode) -interface GigabitEthernet1/1 - ntp broadcast - exit - -! Configure NTP broadcast client (client mode) -interface GigabitEthernet1/2 - ntp broadcast client - exit - -! Configure NTP logging -service timestamps log datetime msec localtime show-timezone -service timestamps debug datetime msec localtime show-timezone - -end -write memory -``` - ---- - -## Verification Commands - -### Check NTP Status - -```cisco -! Show NTP status summary -show ntp status - -! Expected output when synchronized: -! Clock is synchronized, stratum 3, reference is 10.1.1.10 -! nominal freq is 250.0000 Hz, actual freq is 250.0008 Hz, precision is 2**10 -! ntp uptime is 86400 (1/100 of seconds), resolution is 4016 -! reference time is E8C9A234.1F2E3D4C (10:15:48.121 EST Mon Jan 15 2024) -! 
clock offset is -0.5234 msec, root delay is 12.34 msec -! root dispersion is 45.67 msec, peer dispersion is 1.23 msec -! loopfilter state is 'CTRL' (Normal Controlled Loop), drift is 0.000008234 s/s -! system poll interval is 64, last update was 25 sec ago -``` - -### Check NTP Associations - -```cisco -! Show all NTP associations (peers) -show ntp associations - -! Detailed view -show ntp associations detail - -! Column descriptions: -! * = synchronized, + = candidate, # = selected, - = outlier -! address: NTP server address -! ref clock: reference source of the server -! st: stratum level -! when: last packet received (seconds) -! poll: polling interval (seconds) -! reach: reachability (377 octal = all 8 attempts successful) -! delay: round-trip delay (ms) -! offset: time difference (ms) -! disp: dispersion/jitter (ms) -``` - -### Check Clock and Time - -```cisco -! Display current time -show clock - -! Display detailed clock information -show clock detail - -! Show calendar (hardware clock) -show calendar -``` - -### Check NTP Configuration - -```cisco -! Show all NTP configuration -show ntp config - -! Show running NTP configuration -show running-config | include ntp -show running-config | include clock -``` - -### Check NTP Authentication - -```cisco -! Show authentication keys (hashed) -show ntp authentication-keys - -! Show authentication status -show ntp status | include authentication -``` - ---- - -## Common Configuration Examples - -### Example 1: Industrial Network Configuration - -```cisco -configure terminal - -! Use site NTP servers -ntp server 10.100.1.10 prefer -ntp server 10.100.1.11 -ntp server 10.100.1.12 - -! Use primary uplink as source -ntp source GigabitEthernet1/1 - -! Central Standard Time -clock timezone CST -6 0 -clock summer-time CDT recurring 2 Sun Mar 2:00 1 Sun Nov 2:00 - -! Sync hardware clock -ntp update-calendar - -! 
Enable timestamps -service timestamps log datetime msec localtime show-timezone -service timestamps debug datetime msec localtime show-timezone - -end -write memory -``` - -### Example 2: Secure Configuration with Authentication - -```cisco -configure terminal - -! Enable NTP authentication -ntp authenticate -ntp authentication-key 10 md5 Ind_NTP_K3y_2024 -ntp trusted-key 10 - -! Configure authenticated servers -ntp server 10.100.1.10 prefer key 10 -ntp server 10.100.1.11 key 10 - -! Access control -ntp access-group peer 10 -ntp access-group query-only 30 - -access-list 10 remark NTP Peers -access-list 10 permit 10.100.1.0 0.0.0.255 - -access-list 30 remark NTP Query -access-list 30 permit 10.100.0.0 0.0.255.255 - -! Source and timezone -ntp source GigabitEthernet1/1 -clock timezone CST -6 0 -clock summer-time CDT recurring 2 Sun Mar 2:00 1 Sun Nov 2:00 - -ntp update-calendar - -service timestamps log datetime msec localtime show-timezone - -end -write memory -``` - -### Example 3: Redundant Time Source with Fallback - -```cisco -configure terminal - -! Primary NTP servers -ntp server 10.100.1.10 prefer -ntp server 10.100.1.11 - -! Fallback to public NTP if internal servers fail -ntp server 129.6.15.28 -ntp server 132.163.96.1 - -! Use as master only if all external sources fail -ntp master 10 - -ntp source GigabitEthernet1/1 -clock timezone EST -5 0 -clock summer-time EDT recurring 2 Sun Mar 2:00 1 Sun Nov 2:00 - -ntp update-calendar - -end -write memory -``` - ---- - -## Troubleshooting Guide - -### Issue: NTP Not Synchronizing - -**Symptoms:** -- `show ntp status` shows "Clock is unsynchronized" -- No asterisk (*) appears in `show ntp associations` -- "unsynchronized" appears in status output - -**Troubleshooting Steps:** - -1. **Verify NTP servers are configured:** - ```cisco - show running-config | include ntp server - ``` - -2. 
**Check network connectivity to NTP servers:** - ```cisco - ping 10.1.1.10 - ping 10.1.1.10 source GigabitEthernet1/1 - traceroute 10.1.1.10 - ``` - -3. **Verify NTP packets are being exchanged:** - ```cisco - show ntp associations detail - ! Check 'reach' value - should be 377 (octal) = all attempts successful - ! Check 'when' value - should be recent (< poll interval) - ``` - -4. **Check for authentication mismatches:** - ```cisco - show ntp status - ! Look for authentication errors - debug ntp all - ! Watch for authentication failures - undebug all - ``` - -5. **Verify access lists aren't blocking NTP:** - ```cisco - show access-lists - ! NTP uses UDP port 123 - ! Verify ACLs allow UDP 123 traffic - ``` - -6. **Check for large time offset:** - ```cisco - show ntp associations detail - ! If offset > 1000 seconds, manually set clock first - clock set 14:30:00 15 January 2024 - ``` - -7. **Verify source interface is up:** - ```cisco - show ip interface brief | include GigabitEthernet1/1 - ! Source interface must be up/up - ``` - -### Issue: High Offset or Jitter - -**Symptoms:** -- Time drifts significantly -- High offset values in `show ntp associations` -- Inconsistent time across devices - -**Troubleshooting Steps:** - -1. **Check network latency and stability:** - ```cisco - ping 10.1.1.10 repeat 100 - ! Look for: - ! - Packet loss (should be 0%) - ! - High round-trip time (> 100ms problematic) - ! - Variable latency (jitter) - ``` - -2. **Verify stratum levels:** - ```cisco - show ntp associations - ! Stratum (st) should be: - ! - < 10 for reliable servers - ! - Lower is better (1 = atomic clock, 2 = GPS) - ! - Your switch should be stratum +1 from source - ``` - -3. **Increase number of NTP servers:** - ```cisco - ! Use at least 3 servers for best accuracy - ! NTP uses voting algorithm to select best time source - configure terminal - ntp server 10.1.1.12 - ntp server 10.1.1.13 - ``` - -4. 
**Check upstream NTP server health:** - ```cisco - show ntp associations detail - ! Verify servers show: - ! - condition = 'sys.peer' or 'candidate' - ! - reach = 377 - ! - Low dispersion (disp) - ``` - -5. **Monitor polling interval:** - ```cisco - show ntp associations - ! Poll interval should stabilize at 64-1024 seconds - ! Frequent changes indicate instability - ``` - -### Issue: Authentication Failures - -**Symptoms:** -- Peers show as unreachable despite network connectivity -- NTP status shows authentication errors -- Reach value remains 0 - -**Troubleshooting Steps:** - -1. **Verify authentication is enabled:** - ```cisco - show ntp status | include authentication - ! Should show: "authentication enabled" - ``` - -2. **Check authentication keys are configured:** - ```cisco - show ntp authentication-keys - ! Verify key IDs exist - ``` - -3. **Verify trusted keys:** - ```cisco - show running-config | include ntp trusted-key - ! Keys must be marked as trusted - ``` - -4. **Confirm server configuration uses correct key:** - ```cisco - show running-config | include ntp server - ! Verify key ID matches trusted key - ``` - -5. **Debug authentication:** - ```cisco - debug ntp authentication - debug ntp validity - ! Watch for authentication failures - ! Look for key mismatches - undebug all - ``` - -6. **Temporarily disable authentication to test:** - ```cisco - configure terminal - no ntp authenticate - ! Test if synchronization works without auth - ! Then re-enable: - ntp authenticate - ``` - -### Issue: Time Correct but Timezone Wrong - -**Symptoms:** -- NTP shows synchronized -- Time is off by exact number of hours -- Logs show incorrect time - -**Troubleshooting Steps:** - -1. **Verify timezone configuration:** - ```cisco - show running-config | include clock timezone - ! Ensure timezone offset is correct for your location - ``` - -2. **Check daylight saving time:** - ```cisco - show clock detail - ! Verify DST rules are correct - ! 
Look for summer-time configuration - ``` - -3. **Reconfigure timezone if needed:** - ```cisco - configure terminal - clock timezone EST -5 0 - clock summer-time EDT recurring 2 Sun Mar 2:00 1 Sun Nov 2:00 - ``` - -4. **Verify timestamps in logs:** - ```cisco - show running-config | include service timestamps - ! Should include 'localtime' and 'show-timezone' - ``` - -### Issue: Hardware Clock Not Updating - -**Symptoms:** -- `show clock` shows correct time -- `show calendar` shows old time -- Time resets after reload - -**Troubleshooting Steps:** - -1. **Verify update-calendar is configured:** - ```cisco - show running-config | include ntp update-calendar - ``` - -2. **Manually update calendar:** - ```cisco - ntp update-calendar - ! Or manually: - clock update-calendar - ``` - -3. **Check calendar after sync:** - ```cisco - show calendar - show clock - ! Should match within a few seconds - ``` - -4. **Configure automatic update:** - ```cisco - configure terminal - ntp update-calendar - end - write memory - ``` - -### Issue: NTP Works but Stops After Time - -**Symptoms:** -- NTP synchronizes initially -- Loses sync after hours/days -- Reach value degrades over time - -**Troubleshooting Steps:** - -1. **Check for network instability:** - ```cisco - show ntp associations detail - ! Monitor 'reach' value over time - ! Should remain at 377 - ``` - -2. **Verify interface stability:** - ```cisco - show interface GigabitEthernet1/1 - ! Check for errors, resets, or flapping - ``` - -3. **Check for routing changes:** - ```cisco - show ip route 10.1.1.10 - ! Verify consistent route to NTP server - ``` - -4. **Monitor NTP server health:** - ```cisco - ! Check if NTP server itself is stable - show ntp associations detail - ! Look for increasing dispersion - ``` - -5. **Check for memory or CPU issues:** - ```cisco - show processes cpu sorted - show processes memory sorted - ! 
High CPU or memory can affect NTP - ``` - ---- - -## Best Practices - -### Redundancy -- Configure at least **3 NTP servers** for optimal accuracy and fault tolerance -- Use diverse network paths to NTP servers when possible -- Consider geographic diversity for enterprise deployments -- Use both on-site and off-site NTP sources - -### Security -- **Always use NTP authentication** in production industrial environments -- Implement access control lists to restrict NTP access -- Use MD5 authentication keys with strong passwords -- Regularly rotate authentication keys (annually recommended) -- Monitor for NTP-based attacks (amplification, spoofing) - -### Performance -- Use `prefer` keyword on the most reliable/accurate server -- Choose NTP servers with low stratum (2-4 is ideal for enterprise) -- Select geographically close servers to minimize latency -- Avoid using stratum 1 servers directly (use stratum 2 instead) -- Ensure stable network path to NTP servers - -### Industrial Environment Considerations -- Account for temperature variations in industrial settings -- Use ruggedized NTP appliances in harsh environments -- Consider GPS-based NTP servers for isolated sites -- Implement redundant time sources for critical applications -- Test NTP resilience during network outages - -### Maintenance -- Regularly verify NTP synchronization status (daily) -- Monitor offset and jitter values (weekly) -- Review NTP logs for anomalies -- Update authentication keys periodically -- Document your NTP server hierarchy -- Test failover scenarios - -### Time Initialization -- When first configuring, manually set clock to within 1000 seconds -- NTP will refuse to sync if initial offset is too large -- Use `clock set` command before enabling NTP on new switches -- Allow 10-15 minutes for initial synchronization -- Monitor stabilization with `show ntp associations` - ---- - -## Monitoring and Logging - -### Regular Health Checks - -```cisco -! 
Daily verification -show ntp status | include Clock -show ntp associations | include "\*" - -! Weekly detailed check -show ntp associations detail -show clock detail - -! Check for errors -show logging | include NTP -``` - -### Enable SNMP Monitoring - -```cisco -configure terminal - -! Enable SNMP for NTP monitoring -snmp-server enable traps ntp - -! Configure SNMP trap receiver -snmp-server host 10.1.1.100 version 2c YourCommunity - -end -write memory -``` - -### Syslog Monitoring - -```cisco -configure terminal - -! Configure syslog server -logging host 10.1.1.50 - -! Set logging level -logging trap informational - -! Enable timestamps -service timestamps log datetime msec localtime show-timezone - -end -write memory -``` - -### EEM Script for NTP Monitoring - -```cisco -configure terminal - -! Create EEM applet to monitor NTP -event manager applet NTP-Monitor - event timer watchdog time 300 - action 1.0 cli command "enable" - action 2.0 cli command "show ntp status | include Clock" - action 3.0 regexp "unsynchronized" "$_cli_result" - action 4.0 if $_regexp_result eq 1 - action 4.1 syslog msg "NTP ALERT: Clock is unsynchronized" - action 4.2 cli command "show ntp associations" - action 5.0 end - -end -write memory -``` - ---- - -## Debug Commands - -### NTP Debugging - -```cisco -! Enable NTP debugging (use with caution in production) -debug ntp all -debug ntp authentication -debug ntp events -debug ntp packets -debug ntp validity - -! Disable debugging -undebug all -! Or -no debug all -``` - -### Conditional Debugging - -```cisco -! Debug specific NTP server -debug ntp packets 10.1.1.10 - -! View debug output -terminal monitor -! Then enable debugging -``` - -**Warning:** Debugging can generate significant CPU load. Use sparingly in production and disable when troubleshooting is complete. 
- ---- - -## Quick Reference Commands - -| Command | Purpose | -|---------|---------| -| `show ntp status` | Display synchronization status | -| `show ntp associations` | List all NTP peers and sync status | -| `show ntp associations detail` | Detailed peer statistics | -| `show clock` | Current system time | -| `show clock detail` | Time with timezone and DST info | -| `show calendar` | Hardware clock time | -| `show running-config \| include ntp` | Display NTP configuration | -| `show running-config \| include clock` | Display time configuration | -| `show ntp authentication-keys` | List configured auth keys | -| `ntp update-calendar` | Sync hardware clock from system | -| `clock update-calendar` | Alternative calendar sync | -| `clock set HH:MM:SS DD Month YYYY` | Manually set system time | - ---- - -## IOS-XE Specific Features - -### NTP Broadcast - -The ESS 9300 running IOS-XE supports NTP broadcast mode: - -```cisco -! Server sends periodic broadcasts -interface GigabitEthernet1/1 - ntp broadcast - exit - -! Client receives broadcasts -interface GigabitEthernet1/2 - ntp broadcast client - exit -``` - -### NTP Multicast - -```cisco -! Server sends to multicast group -interface GigabitEthernet1/1 - ntp multicast 224.0.1.1 - exit - -! Client receives multicast -interface GigabitEthernet1/2 - ntp multicast client 224.0.1.1 - exit -``` - -### IPv6 NTP Support - -```cisco -configure terminal - -! IPv6 NTP server -ntp server 2001:db8::10 prefer - -! 
IPv6 source interface -ntp source Vlan100 - -end -write memory -``` - ---- - -## Appendix: Public NTP Servers - -### NIST (US Government) -- `129.6.15.28` - NIST, Gaithersburg, Maryland -- `129.6.15.29` - NIST, Gaithersburg, Maryland -- `132.163.96.1` - NIST, Boulder, Colorado -- `132.163.96.2` - NIST, Boulder, Colorado - -### US Naval Observatory -- `192.5.41.40` - tick.usno.navy.mil -- `192.5.41.41` - tock.usno.navy.mil - -### NTP Pool Project -- `0.pool.ntp.org` -- `1.pool.ntp.org` -- `2.pool.ntp.org` -- `3.pool.ntp.org` - -### Regional Pools -- `0.north-america.pool.ntp.org` -- `0.us.pool.ntp.org` - -**Note:** For production industrial use, deploy internal GPS-synchronized NTP servers rather than having all devices query public servers directly. This improves reliability, reduces external dependencies, and provides better time accuracy. - ---- - -## Integration with Industrial Protocols - -### PTP (Precision Time Protocol) Coexistence - -The ESS 9300 supports both NTP and PTP (IEEE 1588). Best practices: - -- Use **PTP for sub-microsecond precision** (automation, motion control) -- Use **NTP for general timekeeping** (logging, AAA, management) -- Keep NTP and PTP on separate VLANs if possible -- Use NTP for non-critical devices -- Reserve PTP for time-critical industrial applications - -### Synchronization with PLCs and SCADA - -```cisco -! Configure NTP to serve time to industrial devices -configure terminal - -ntp master 3 -ntp source GigabitEthernet1/1 - -! 
Allow SCADA network to query time -ntp access-group serve 20 -access-list 20 permit 10.50.0.0 0.0.255.255 - -end -write memory -``` - ---- - -## Differences from Nexus NX-OS - -Key differences when coming from Nexus switches: - -| Feature | Nexus (NX-OS) | ESS 9300 (IOS-XE) | -|---------|---------------|-------------------| -| VRF syntax | `use-vrf management` | Not required (use `source` instead) | -| Feature enable | `feature ntp` | Not required (built-in) | -| Calendar sync | N/A | `ntp update-calendar` | -| Save config | `copy run start` | `write memory` or `copy run start` | -| Auth key type | MD5 with type 7 | MD5 (auto-encrypted) | -| Interface naming | `mgmt0` | `GigabitEthernet0/0` | - ---- - -## Document Information - -**Target Platform:** Cisco Catalyst ESS 9300 (IE-9300) -**Operating System:** IOS-XE -**IOS-XE Versions:** 17.x -**Last Updated:** March 2026 -**Document Purpose:** Configuration reference and troubleshooting guide for industrial Ethernet environments - -For Cisco IOS-XE command reference, consult the official Cisco documentation for your specific software version. \ No newline at end of file diff --git a/Work/Cisco/Nexus_NTP.md b/Work/Cisco/Nexus_NTP.md deleted file mode 100644 index 67c8af9..0000000 --- a/Work/Cisco/Nexus_NTP.md +++ /dev/null 
@@ -1,518 +0,0 @@ ---- -title: NTP Deep dive on the Nexus -description: Config and troubleshoot -published: true -date: 2026-03-31T20:46:08.474Z -tags: -editor: markdown -dateCreated: 2026-03-31T20:45:58.287Z ---- - -# Cisco Nexus 93180 NTP Configuration and Troubleshooting Guide - -## Overview - -This guide provides complete NTP (Network Time Protocol) configuration steps and troubleshooting procedures for the Cisco Nexus 93180 switch running NX-OS. Accurate time synchronization is critical for logging, AAA, certificates, and distributed system correlation. - ---- - -## NTP Configuration - -### Basic NTP Server Configuration - - configure terminal - - ! Enable NTP feature (if not already enabled) - feature ntp - - ! Configure NTP servers (use multiple servers for redundancy) - ntp server 10.1.1.10 prefer use-vrf management - ntp server 10.1.1.11 use-vrf management - ntp server 192.0.2.1 use-vrf default - - ! Configure NTP source interface (optional but recommended) - ntp source-interface mgmt0 - - ! Set timezone (adjust to your location) - clock timezone EST -5 0 - - ! Configure daylight saving time (if applicable) - clock summer-time EDT 2 Sunday March 02:00 1 Sunday November 02:00 60 - - ! Save configuration - copy running-config startup-config - -### NTP Authentication (Recommended for Production) - - configure terminal - - ! Enable NTP authentication - ntp authenticate - - ! Create authentication keys - ntp authentication-key 1 md5 YourSecureKey123 7 - ntp authentication-key 2 md5 AnotherSecureKey456 7 - - ! Specify trusted keys - ntp trusted-key 1 - ntp trusted-key 2 - - ! Apply authentication to NTP servers - ntp server 10.1.1.10 prefer use-vrf management key 1 - ntp server 10.1.1.11 use-vrf management key 2 - - copy running-config startup-config - -### NTP Access Control (Security Best Practice) - - configure terminal - - ! Define access control for NTP - ! peer: Allow sync and queries - ! serve: Respond to queries only - ! 
serve-only: Respond to queries but don't sync - ! query-only: Allow queries only - - ntp access-group peer PeerACL - ntp access-group serve ServeACL - ntp access-group query-only QueryACL - - ! Create ACLs - ip access-list NTP-Peers - 10 permit ip 10.1.1.0/24 any - 20 deny ip any any - - ip access-list NTP-Serve - 10 permit ip 10.0.0.0/8 any - 20 deny ip any any - - copy running-config startup-config - -### NTP Master Configuration (Switch as Time Source) - - configure terminal - - ! Configure switch as NTP master (stratum level) - ! Only use if external NTP servers are unavailable - ntp master 8 - - ! This makes the switch authoritative at stratum 8 - ! Lower stratum = higher priority (1 is highest) - - copy running-config startup-config - -### Logging NTP Events - - configure terminal - - ! Enable logging for NTP - ntp logging - - ! Adjust logging level if needed - logging level ntp 6 - - copy running-config startup-config - ---- - -## Verification Commands - -### Check NTP Status - - ! Show NTP status summary - show ntp status - - ! Expected output when synchronized: - ! Clock is synchronized, stratum 3, reference is 10.1.1.10 - ! nominal freq is 250.0000 Hz, actual freq is 250.0010 Hz, precision is 2**18 - ! reference time is E8C9A234.1F2E3D4C (10:15:48.121 EST Mon Jan 15 2024) - ! clock offset is -0.0023 msec, root delay is 12.34 msec - ! root dispersion is 45.67 msec, peer dispersion is 1.23 msec - -### Check NTP Peers - - ! Show all NTP peers and their status - show ntp peers - - ! Column descriptions: - ! * = synchronized, + = candidate, # = selected - ! remote: NTP server address - ! ref clock: reference source of the server - ! st: stratum level - ! when: last packet received (seconds) - ! poll: polling interval - ! reach: reachability (377 = all 8 attempts successful) - ! delay: round-trip delay (ms) - ! offset: time difference (ms) - ! jitter: dispersion (ms) - -### Check NTP Statistics - - ! Show detailed peer statistics - show ntp peer-status - - ! 
Show specific peer details - show ntp peer 10.1.1.10 - -### Check NTP Authentication - - ! Verify authentication keys - show ntp authentication-keys - - ! Check authentication status - show ntp authentication-status - -### Check Time Configuration - - ! Display current clock settings - show clock detail - - ! Show timezone configuration - show running-config | include clock - ---- - -## Common Configuration Examples - -### Example 1: Enterprise Configuration with Multiple Servers - - configure terminal - - feature ntp - - ! Use company NTP servers in management VRF - ntp server 10.10.1.10 prefer use-vrf management - ntp server 10.10.1.11 use-vrf management - ntp server 10.10.1.12 use-vrf management - - ! Use public NTP as backup in default VRF - ntp server 129.6.15.28 use-vrf default - ntp server 132.163.96.1 use-vrf default - - ntp source-interface mgmt0 - - clock timezone EST -5 0 - clock summer-time EDT 2 Sunday March 02:00 1 Sunday November 02:00 60 - - ntp logging - - copy running-config startup-config - -### Example 2: Secure Configuration with Authentication - - configure terminal - - feature ntp - - ntp authenticate - ntp authentication-key 10 md5 Pr0d_NTP_K3y_2024 7 - ntp trusted-key 10 - - ntp server 10.10.1.10 prefer use-vrf management key 10 - ntp server 10.10.1.11 use-vrf management key 10 - - ntp access-group peer NTP-PEERS - - ip access-list NTP-PEERS - 10 permit ip 10.10.1.0/24 any - 20 deny ip any any log - - ntp source-interface mgmt0 - ntp logging - - clock timezone EST -5 0 - clock summer-time EDT 2 Sunday March 02:00 1 Sunday November 02:00 60 - - copy running-config startup-config - ---- - -## Troubleshooting Guide - -### Issue: NTP Not Synchronizing - -**Symptoms:** -- `show ntp status` shows "Clock is unsynchronized" -- No asterisk (*) appears in `show ntp peers` - -**Troubleshooting Steps:** - -1. **Verify NTP feature is enabled:** - - show feature | include ntp - ! If disabled: - configure terminal - feature ntp - -2. 
**Check network connectivity to NTP servers:** - - ping 10.1.1.10 vrf management - traceroute 10.1.1.10 vrf management - -3. **Verify NTP packets are being exchanged:** - - show ntp peer-status - ! Check 'reach' column - should be 377 (binary 11111111) - ! Check 'when' column - should be recent (< poll interval) - -4. **Check for authentication mismatches:** - - show ntp authentication-status - ! Verify keys match between switch and server - -5. **Verify correct VRF is configured:** - - show running-config | include "ntp server" - ! Ensure use-vrf matches your management connectivity - -6. **Check firewall/ACL blocking UDP port 123:** - - ! NTP uses UDP port 123 - show ip access-lists - -7. **Verify time offset isn't too large:** - - ! If offset > 1000 seconds, NTP may refuse to sync - ! Manually set clock closer to correct time: - clock set 14:30:00 15 January 2024 - -### Issue: High Offset or Jitter - -**Symptoms:** -- Time drifts significantly -- High offset values in `show ntp peers` - -**Troubleshooting Steps:** - -1. **Check network latency:** - - ping 10.1.1.10 vrf management repeat 100 - ! Look for packet loss and high/variable latency - -2. **Verify stratum levels:** - ```cisco - show ntp peers - ! Stratum should be < 10 for reliable servers - ! Lower stratum = more accurate - ``` - -3. **Increase number of NTP servers:** - ```cisco - ! Use at least 3 servers for best accuracy - ! NTP uses voting algorithm with multiple sources - ``` - -4. **Check for upstream NTP issues:** - ```cisco - show ntp peer-status - ! Verify your NTP servers are synchronized - ``` - -### Issue: Authentication Failures - -**Symptoms:** -- Peers show as unreachable despite network connectivity -- Authentication errors in logs - -**Troubleshooting Steps:** - -1. **Verify authentication is configured on both ends:** - ```cisco - show ntp authentication-status - ``` - -2. **Check key ID and values match:** - ```cisco - show ntp authentication-keys - ! 
Key number and MD5 hash must match server - ``` - -3. **Verify trusted keys are configured:** - ```cisco - show running-config | include "ntp trusted-key" - ``` - -4. **Temporarily disable authentication to test:** - ```cisco - configure terminal - no ntp authenticate - ! Test connectivity - ! Re-enable after testing: - ntp authenticate - ``` - -### Issue: NTP Working but Time Still Wrong - -**Symptoms:** -- `show ntp status` shows synchronized -- Clock shows incorrect time - -**Troubleshooting Steps:** - -1. **Verify timezone configuration:** - ```cisco - show running-config | include clock - ! Ensure timezone matches your location - ``` - -2. **Check daylight saving time settings:** - ```cisco - show clock detail - ! Verify DST is configured if applicable - ``` - -3. **Confirm NTP server time is correct:** - ```cisco - show ntp peers - ! Check offset - should be small (< 100ms typically) - ``` - -### Issue: Cannot Add NTP Server - -**Symptoms:** -- Configuration commands rejected -- "Invalid VRF" error - -**Troubleshooting Steps:** - -1. **Verify VRF exists:** - ```cisco - show vrf - ! Common VRFs: management, default - ``` - -2. **Check if management interface is configured:** - ```cisco - show running-config interface mgmt0 - ! Ensure IP address and VRF are configured - ``` - -3. 
**Verify source interface exists:** - ```cisco - show interface mgmt0 brief - ``` - ---- - -## Best Practices - -### Redundancy -- Configure at least **3 NTP servers** for optimal accuracy and redundancy -- Use diverse network paths to NTP servers when possible -- Consider using both internal and external NTP sources - -### Security -- **Always use NTP authentication** in production environments -- Implement access control lists to limit NTP queries -- Use `use-vrf management` to isolate NTP traffic -- Monitor NTP logs for unusual activity - -### Performance -- Use `prefer` keyword on the most reliable/accurate server -- Choose NTP servers with low stratum (2-4 is ideal) -- Select geographically close servers to minimize latency -- Avoid using stratum 1 servers directly (use stratum 2) - -### Maintenance -- Regularly verify NTP synchronization status -- Monitor offset and jitter values -- Update authentication keys periodically -- Document your NTP server hierarchy - -### Time Initialization -- When first configuring, manually set clock to within 1000 seconds of actual time -- NTP will refuse to sync if offset is too large initially -- Use `clock set` command before enabling NTP on new switches - ---- - -## Monitoring and Logging - -### Regular Health Checks - -```cisco -! Daily verification -show ntp status | include "Clock is" -show ntp peers | include "\*" - -! Weekly detailed check -show ntp peer-status -show clock detail -``` - -### Enable SNMP Monitoring - -```cisco -configure terminal - -! Enable SNMP for NTP monitoring -snmp-server enable traps ntp - -! Configure SNMP trap receiver -snmp-server host 10.1.1.100 traps version 2c YourCommunity - -copy running-config startup-config -``` - -### Syslog Monitoring - -```cisco -configure terminal - -! Ensure NTP logging is enabled -ntp logging - -! Configure syslog server -logging server 10.1.1.50 6 use-vrf management - -! 
Set appropriate logging level -logging level ntp 6 - -copy running-config startup-config -``` - ---- - -## Quick Reference Commands - -| Command | Purpose | -|---------|---------| -| `show ntp status` | Display synchronization status | -| `show ntp peers` | List all NTP peers and sync status | -| `show ntp peer-status` | Detailed peer statistics | -| `show clock detail` | Current time and configuration | -| `show feature \| include ntp` | Verify NTP feature enabled | -| `show running-config \| include ntp` | Display NTP configuration | -| `show ntp authentication-keys` | List configured auth keys | -| `clear ntp statistics` | Reset NTP statistics | - ---- - -## Appendix: Public NTP Servers - -### NIST (US Government) -- `129.6.15.28` - NIST, Gaithersburg, Maryland -- `132.163.96.1` - NIST, Boulder, Colorado - -### US Naval Observatory -- `192.5.41.40` - tick.usno.navy.mil -- `192.5.41.41` - tock.usno.navy.mil - -### NTP Pool Project -- `0.pool.ntp.org` -- `1.pool.ntp.org` -- `2.pool.ntp.org` -- `3.pool.ntp.org` - -**Note:** For production use, deploy internal NTP servers synchronized to external sources rather than having all infrastructure devices query public servers directly. - ---- - -## Document Information - -**Target Platform:** Cisco Nexus 93180 -**NX-OS Versions:** 7.x, 9.x, 10.x -**Last Updated:** March 2026 -**Document Purpose:** Configuration reference and troubleshooting guide - -For Cisco NX-OS command reference, consult the official Cisco documentation for your specific software version. \ No newline at end of file diff --git a/Work/Ducky/ess9300_upgrade.md b/Work/Ducky/ess9300_upgrade.md index 79c1ae4..b28f4de 100644 --- a/Work/Ducky/ess9300_upgrade.md +++ b/Work/Ducky/ess9300_upgrade.md @@ -2,7 +2,7 @@ title: Voyager SW10GG Upgrade description: Cisco ESS 9300 published: true -date: 2026-03-19T15:24:41.320Z +date: 2026-03-19T15:24:35.613Z tags: editor: markdown dateCreated: 2026-03-19T15:24:35.613Z 
diff --git a/Work/Ducky/ess_3300.md b/Work/Ducky/ess_3300.md
index 868b0e4..10ed86d 100644
--- a/Work/Ducky/ess_3300.md
+++ b/Work/Ducky/ess_3300.md
@@ -2,7 +2,7 @@
 title: Voyager SW26G Upgrade
 description: Cisco ESS 3300 Upgrade
 published: true
-date: 2026-03-19T15:46:20.810Z
+date: 2026-03-19T15:46:15.200Z
 tags:
 editor: markdown
 dateCreated: 2026-03-19T15:46:15.200Z
diff --git a/Work/Nexus-upgrade.md b/Work/Nexus-upgrade.md
index fe286d4..7f9ecc0 100644
--- a/Work/Nexus-upgrade.md
+++ b/Work/Nexus-upgrade.md
@@ -2,7 +2,7 @@
 title: Nexus Upgrade
 description:
 published: true
-date: 2026-02-19T20:37:41.384Z
+date: 2026-02-19T20:37:32.957Z
 tags:
 editor: markdown
 dateCreated: 2026-02-19T20:37:32.957Z
diff --git a/Work/Nexus_1_Build.md b/Work/Nexus_1_Build.md
index 21bda12..881ef2e 100644
--- a/Work/Nexus_1_Build.md
+++ b/Work/Nexus_1_Build.md
@@ -2,7 +2,7 @@
 title: C9300GX-1 Build
 description:
 published: true
-date: 2026-02-19T20:47:10.482Z
+date: 2026-02-19T20:46:00.149Z
 tags:
 editor: markdown
 dateCreated: 2026-02-19T20:45:10.926Z
diff --git a/home.md b/home.md
index b342291..8a7cc96 100644
--- a/home.md
+++ b/home.md
@@ -2,7 +2,7 @@
 title: Netgrimoire
 description:
 published: true
-date: 2026-02-25T21:48:26.231Z
+date: 2026-02-25T21:48:20.699Z
 tags:
 editor: markdown
 dateCreated: 2026-01-21T13:19:48.685Z
diff --git a/netgrimoire_gremlin.png b/netgrimoire_gremlin.png
deleted file mode 100644
index 7497ce8..0000000
Binary files a/netgrimoire_gremlin.png and /dev/null differ