diff --git a/Netgrimoire/Audits/first.md b/Netgrimoire/Audits/first.md
new file mode 100644
index 0000000..6acbcfc
--- /dev/null
+++ b/Netgrimoire/Audits/first.md
@@ -0,0 +1,25 @@
+---
+title: Untitled Page
+description:
+published: true
+date: 2026-04-01T01:56:08.260Z
+tags:
+editor: markdown
+dateCreated: 2026-04-01T01:50:18.740Z
+---
+
+# Header
+dffasdf
+asdf
+asd
+asdf
+asdf
+asdf
+asdf
+asdf
+asdf
+asdf
+asdf
+asdf
+asdf
+asdf
\ No newline at end of file
diff --git a/Netgrimoire/Authentication/ldap-client-setup.md b/Netgrimoire/Authentication/ldap-client-setup.md
index f953e1f..25fe7f2 100644
--- a/Netgrimoire/Authentication/ldap-client-setup.md
+++ b/Netgrimoire/Authentication/ldap-client-setup.md
@@ -2,7 +2,7 @@
 title: LDAP Client Setup
 description:
 published: true
-date: 2026-01-22T03:36:37.380Z
+date: 2026-02-20T04:33:31.862Z
 tags:
 editor: markdown
 dateCreated: 2026-01-21T13:21:40.588Z
diff --git a/Netgrimoire/Backup/Immich_Backup.md b/Netgrimoire/Backup/Immich_Backup.md
index 02d15d4..d56beac 100644
--- a/Netgrimoire/Backup/Immich_Backup.md
+++ b/Netgrimoire/Backup/Immich_Backup.md
@@ -2,7 +2,7 @@
 title: Immich Backup and Restore
 description: Immich backup with Kopia
 published: true
-date: 2026-02-14T23:34:02.017Z
+date: 2026-02-20T04:11:52.181Z
 tags:
 editor: markdown
 dateCreated: 2026-02-14T03:14:32.594Z
diff --git a/Netgrimoire/Backup/MailCow_Backup.md b/Netgrimoire/Backup/MailCow_Backup.md
index 0c4313d..379d88b 100644
--- a/Netgrimoire/Backup/MailCow_Backup.md
+++ b/Netgrimoire/Backup/MailCow_Backup.md
@@ -2,7 +2,7 @@
 title: Mailcow Backup and Restore Strategy
 description: Mailcow backup
 published: true
-date: 2026-02-13T22:23:40.797Z
+date: 2026-02-20T04:15:25.924Z
 tags:
 editor: markdown
 dateCreated: 2026-02-11T01:20:59.127Z
diff --git a/Netgrimoire/Backup/Nextcloud_Backup.md b/Netgrimoire/Backup/Nextcloud_Backup.md
index 45fc927..b124a30 100644
--- a/Netgrimoire/Backup/Nextcloud_Backup.md
+++ b/Netgrimoire/Backup/Nextcloud_Backup.md
@@ -2,7 +2,7 @@
 title: Nextcloud Backup
 description: Native + Kopia
 published: true
-date: 2026-02-18T04:40:14.455Z
+date: 2026-02-20T04:19:28.405Z
 tags:
 editor: markdown
 dateCreated: 2026-02-14T23:52:25.405Z
diff --git a/Netgrimoire/Backup/Services_Backup.md b/Netgrimoire/Backup/Services_Backup.md
index be7b624..c5b0e05 100644
--- a/Netgrimoire/Backup/Services_Backup.md
+++ b/Netgrimoire/Backup/Services_Backup.md
@@ -2,7 +2,7 @@
 title: Services Backup
 description:
 published: true
-date: 2026-02-14T23:51:09.146Z
+date: 2026-02-20T04:08:15.923Z
 tags:
 editor: markdown
 dateCreated: 2026-02-05T21:28:23.152Z
diff --git a/Netgrimoire/Backup/Wiki_Backup.md b/Netgrimoire/Backup/Wiki_Backup.md
index 8524328..984c64d 100644
--- a/Netgrimoire/Backup/Wiki_Backup.md
+++ b/Netgrimoire/Backup/Wiki_Backup.md
@@ -2,7 +2,7 @@
 title: Wikijs Backup
 description: Backup Wikijs
 published: true
-date: 2026-02-23T04:35:24.121Z
+date: 2026-02-23T04:35:32.870Z
 tags:
 editor: markdown
 dateCreated: 2026-02-23T04:35:24.121Z
diff --git a/Netgrimoire/Documentation_Standards.md b/Netgrimoire/Documentation_Standards.md
index e1f96cb..eea2385 100644
--- a/Netgrimoire/Documentation_Standards.md
+++ b/Netgrimoire/Documentation_Standards.md
@@ -2,7 +2,7 @@
 title: Netgrimoire Documentation
 description: How to create and use Netgrimoire Docs
 published: true
-date: 2026-02-03T02:54:56.444Z
+date: 2026-02-20T04:16:19.329Z
 tags:
 editor: markdown
 dateCreated: 2026-02-03T02:54:56.444Z
diff --git a/Netgrimoire/Netgrimoire_Theme.md b/Netgrimoire/Netgrimoire_Theme.md
index 3adbf7c..cc1c185 100644
--- a/Netgrimoire/Netgrimoire_Theme.md
+++ b/Netgrimoire/Netgrimoire_Theme.md
@@ -2,7 +2,7 @@
 title: Documentation Style Guide
 description: Applying a theme
 published: true
-date: 2026-02-25T21:32:08.276Z
+date: 2026-02-25T21:32:16.786Z
 tags:
 editor: markdown
 dateCreated: 2026-02-24T14:03:00.791Z
diff --git a/Netgrimoire/Network/Port_Assignments.md b/Netgrimoire/Network/Port_Assignments.md
index d5046e9..e08efff 100644
--- a/Netgrimoire/Network/Port_Assignments.md
+++ b/Netgrimoire/Network/Port_Assignments.md
@@ -2,7 +2,7 @@
 title: Port Assignments
 description:
 published: true
-date: 2026-01-27T13:15:17.556Z
+date: 2026-02-20T04:21:52.996Z
 tags:
 editor: markdown
 dateCreated: 2026-01-27T03:42:58.945Z
diff --git a/Netgrimoire/Network/Security/Caddy.md b/Netgrimoire/Network/Security/Caddy.md
index 3f47fc1..940f1f8 100644
--- a/Netgrimoire/Network/Security/Caddy.md
+++ b/Netgrimoire/Network/Security/Caddy.md
@@ -2,7 +2,7 @@
 title: Caddy Reverse Proxy
 description: Curreent and future config
 published: true
-date: 2026-02-25T01:50:11.740Z
+date: 2026-02-25T01:50:20.558Z
 tags:
 editor: markdown
 dateCreated: 2026-02-23T22:09:16.106Z
diff --git a/Netgrimoire/Network/Security/OPnSense_IDS.md b/Netgrimoire/Network/Security/OPnSense_IDS.md
index 74b64a1..f9860d8 100644
--- a/Netgrimoire/Network/Security/OPnSense_IDS.md
+++ b/Netgrimoire/Network/Security/OPnSense_IDS.md
@@ -2,7 +2,7 @@
 title: OpnSense-IDS/IPS
 description: IDS
 published: true
-date: 2026-02-23T21:51:41.041Z
+date: 2026-02-23T21:51:49.920Z
 tags:
 editor: markdown
 dateCreated: 2026-02-23T21:49:16.861Z
diff --git a/Netgrimoire/Network/Security/OpnSense_AppInspection.md b/Netgrimoire/Network/Security/OpnSense_AppInspection.md
index cdb8004..87d95c2 100644
--- a/Netgrimoire/Network/Security/OpnSense_AppInspection.md
+++ b/Netgrimoire/Network/Security/OpnSense_AppInspection.md
@@ -2,7 +2,7 @@
 title: OpnSense - App Protection
 description: App Inspection
 published: true
-date: 2026-02-23T21:52:34.981Z
+date: 2026-02-23T21:52:43.630Z
 tags:
 editor: markdown
 dateCreated: 2026-02-23T21:50:37.324Z
diff --git a/Netgrimoire/Network/Security/OpnSense_Firewall.md b/Netgrimoire/Network/Security/OpnSense_Firewall.md
index 4d5395d..483966f 100644
--- a/Netgrimoire/Network/Security/OpnSense_Firewall.md
+++ b/Netgrimoire/Network/Security/OpnSense_Firewall.md
@@ -2,7 +2,7 @@
 title: OpnSense
 description: Grimoire Firewall Configuration
 published: true
-date: 2026-02-23T21:31:15.244Z
+date: 2026-02-23T21:31:26.008Z
 tags:
 editor: markdown
 dateCreated: 2026-02-23T21:31:15.244Z
diff --git a/Netgrimoire/Network/Security/OpnSense_Git.md b/Netgrimoire/Network/Security/OpnSense_Git.md
index 871bbf2..0061fa4 100644
--- a/Netgrimoire/Network/Security/OpnSense_Git.md
+++ b/Netgrimoire/Network/Security/OpnSense_Git.md
@@ -2,7 +2,7 @@
 title: OpnSense - GIT Integration
 description: Git Integration
 published: true
-date: 2026-02-23T21:53:15.906Z
+date: 2026-02-23T21:53:24.522Z
 tags:
 editor: markdown
 dateCreated: 2026-02-23T21:48:01.779Z
diff --git a/Netgrimoire/Network/Security/OpnSense_Ntfy.md b/Netgrimoire/Network/Security/OpnSense_Ntfy.md
index 091bbfb..5482a9a 100644
--- a/Netgrimoire/Network/Security/OpnSense_Ntfy.md
+++ b/Netgrimoire/Network/Security/OpnSense_Ntfy.md
@@ -2,7 +2,7 @@
 title: OpnSense - NTFY Integration
 description: Security Notifications
 published: true
-date: 2026-02-23T22:00:37.268Z
+date: 2026-02-23T22:00:46.462Z
 tags:
 editor: markdown
 dateCreated: 2026-02-23T22:00:37.268Z
diff --git a/Netgrimoire/Network/Security/opnsense_blocklist.md b/Netgrimoire/Network/Security/opnsense_blocklist.md
index a9fd216..d12aba1 100644
--- a/Netgrimoire/Network/Security/opnsense_blocklist.md
+++ b/Netgrimoire/Network/Security/opnsense_blocklist.md
@@ -2,7 +2,7 @@
 title: Opnsense - Additional Blocklists
 description: Blocklists
 published: true
-date: 2026-02-23T21:54:04.063Z
+date: 2026-02-23T21:54:13.019Z
 tags:
 editor: markdown
 dateCreated: 2026-02-23T21:46:39.562Z
diff --git a/Netgrimoire/Nucking-Futz/Scripts/vhs_restoration.md b/Netgrimoire/Nucking-Futz/Scripts/vhs_restoration.md
index 8286f1a..6c41a4e 100644
--- a/Netgrimoire/Nucking-Futz/Scripts/vhs_restoration.md
+++ b/Netgrimoire/Nucking-Futz/Scripts/vhs_restoration.md
@@ -2,7 +2,7 @@
 title: Video Restoration Script
 description: Restore VHS Video Captures
 published: true
-date: 2026-03-06T03:48:05.841Z
+date: 2026-03-06T03:48:12.713Z
 tags:
 editor: markdown
 dateCreated: 2026-03-06T03:48:05.841Z
diff --git a/Netgrimoire/Nucking-Futz/Services/Stash/Stash-Management.md b/Netgrimoire/Nucking-Futz/Services/Stash/Stash-Management.md
index 5f96b30..befe7b4 100644
--- a/Netgrimoire/Nucking-Futz/Services/Stash/Stash-Management.md
+++ b/Netgrimoire/Nucking-Futz/Services/Stash/Stash-Management.md
@@ -2,7 +2,7 @@
 title: Stashapp Workflow
 description:
 published: true
-date: 2026-02-18T13:08:53.604Z
+date: 2026-02-20T04:25:56.467Z
 tags:
 editor: markdown
 dateCreated: 2026-02-18T13:08:53.604Z
diff --git a/Netgrimoire/Pocket/Deployment_Guide.md b/Netgrimoire/Pocket/Deployment_Guide.md
index cde0cfa..d7dbe02 100644
--- a/Netgrimoire/Pocket/Deployment_Guide.md
+++ b/Netgrimoire/Pocket/Deployment_Guide.md
@@ -2,7 +2,7 @@
 title: Pocket Grimoire
 description:
 published: true
-date: 2026-02-22T05:00:02.026Z
+date: 2026-02-26T12:42:50.676Z
 tags:
 editor: markdown
 dateCreated: 2026-02-20T04:41:35.122Z
@@ -354,6 +354,23 @@ sudo raspi-config # System Options → Locale → en_US.UTF-8 ``` +**⚠️ Important: Ubuntu Pi Boot Configuration Note** + +Ubuntu on Raspberry Pi uses a different boot config location than Raspberry Pi OS. + +The active kernel command line is in: +``` +/boot/firmware/current/cmdline.txt +``` + +**Do NOT edit** `/boot/firmware/cmdline.txt` for kernel parameters — that file is only read during `tryboot` scenarios and is ignored on normal boot. + +Any kernel parameters (including USB quirks for drives) must go in `/boot/firmware/current/cmdline.txt` as a single unbroken line. + +This is critical for applying USB storage quirks (see Troubleshooting section if you experience drive issues). + +--- + ### 2. Install VeraCrypt (Optional - For Encrypted Container Files) **VeraCrypt** allows you to mount encrypted container files as virtual drives. This is useful for: 
@@ -2933,6 +2950,86 @@ sudo syncoid vault/Green/Pocket greenpg/Pocket # if greenpg **Best practice:** After first import to Pocket, the pool is permanently `greenpg` +### Kanguru UltraLock UAS Errors / Pool Suspended + +**Symptoms:** +- ZFS pool repeatedly suspending with `error=5` (EIO) +- dmesg showing `uas_eh_abort_handler` every ~30 seconds +- Pool status shows `SUSPENDED` +- Drive resets cycling: `uas_eh_device_reset_handler start/success` repeating + +``` +sd 0:0:0:0: [sda] tag#8 uas_eh_abort_handler 0 uas-tag 3 inflight: CMD IN +scsi host0: uas_eh_device_reset_handler start +scsi host0: uas_eh_device_reset_handler success +WARNING: Pool 'greenpg' has encountered an uncorrectable I/O failure and has been suspended. +``` + +**Root Cause:** + +The Kanguru UltraLock (`idVendor=1e1d, idProduct=2001`) uses the UAS driver by default. The Raspberry Pi 4's xhci USB controller has a known incompatibility with UAS on certain drives. The fix is to force the drive to use the `usb-storage` driver instead via a kernel quirk parameter. 
+
+**Fix (Ubuntu Pi — permanent):**
+
+```bash
+# Edit the correct cmdline file (NOT /boot/firmware/cmdline.txt)
+sudo nano /boot/firmware/current/cmdline.txt
+```
+
+Add `usb-storage.quirks=1e1d:2001:u` to the end of the existing single line:
+
+```
+console=serial0,115200 multipath=off dwc_otg.lpm_enable=0 console=tty1 root=LABEL=writable rootfstype=ext4 panic=10 rootwait fixrtc usb-storage.quirks=1e1d:2001:u
+```
+
+```bash
+# Verify: should show ONE $ at end, no blank lines
+cat -A /boot/firmware/current/cmdline.txt
+
+# Reboot
+sudo reboot
+```
+
+**Verify fix after reboot:**
+
+```bash
+sudo dmesg | grep -i "kanguru\|uas\|usb-storage" | head -10
+```
+
+Confirmed working output:
+```
+usb 2-2: UAS is ignored for this device, using usb-storage instead
+usb-storage 2-2:1.0: USB Mass Storage device detected
+usb-storage 2-2:1.0: Quirks match for vid 1e1d pid 2001: 800000
+scsi host0: usb-storage 2-2:1.0
+```
+
+**Recover suspended pool after applying fix:**
+
+```bash
+sudo zpool clear greenpg
+sudo zfs load-key greenpg/Pocket
+sudo zfs mount -a
+```
+
+If pool has data errors from before the fix:
+```bash
+sudo zpool status -v greenpg
+sudo zpool scrub greenpg
+# If metadata errors remain and can't be repaired, destroy and resync from Netgrimoire
+```
+
+**Why `/boot/firmware/cmdline.txt` doesn't work:**
+
+On Ubuntu Pi, `/boot/firmware/config.txt` only reads `cmdline=cmdline.txt` under the `[tryboot]` section. The active boot uses `/boot/firmware/current/cmdline.txt` instead. This differs from Raspberry Pi OS where `/boot/firmware/cmdline.txt` is the correct file.
+
+**Hardware reference:**
+- Kanguru UltraLock USB ID: `1e1d:2001`
+- Pi 4 USB controller: xhci_hcd (Broadcom BCM2711)
+- Issue: xhci + UAS incompatibility on large USB drives
+
+*Fix discovered and documented during greenpg pool troubleshooting, February 2026*
+
 ### Docker Containers Not Starting
 ```bash
 # Check if ZFS pools are mounted first
diff --git a/Netgrimoire/Pocket/Hardware.md b/Netgrimoire/Pocket/Hardware.md
index 148bc24..e79d702 100644
--- a/Netgrimoire/Pocket/Hardware.md
+++ b/Netgrimoire/Pocket/Hardware.md
@@ -2,7 +2,7 @@
 title: Pocket Grimoire - Hardware
 description: Hardware for Pocket Grimoire
 published: true
-date: 2026-02-03T17:22:16.329Z
+date: 2026-02-20T04:29:06.922Z
 tags:
 editor: markdown
 dateCreated: 2026-01-28T23:07:03.685Z
diff --git a/Netgrimoire/Pocket/ONN_Media_Streamer.md b/Netgrimoire/Pocket/ONN_Media_Streamer.md
index 0b8b2eb..1360020 100644
--- a/Netgrimoire/Pocket/ONN_Media_Streamer.md
+++ b/Netgrimoire/Pocket/ONN_Media_Streamer.md
@@ -2,7 +2,7 @@
 title: Stream Box
 description: Configure ONN Media Box
 published: true
-date: 2026-02-20T04:50:34.384Z
+date: 2026-02-20T04:50:44.701Z
 tags:
 editor: markdown
 dateCreated: 2026-02-20T04:50:34.384Z
diff --git a/Netgrimoire/Pocket/Software.md b/Netgrimoire/Pocket/Software.md
index 23db941..cca1aea 100644
--- a/Netgrimoire/Pocket/Software.md
+++ b/Netgrimoire/Pocket/Software.md
@@ -2,7 +2,7 @@
 title: Pocket Grimoire Software
 description:
 published: true
-date: 2026-01-29T04:40:00.733Z
+date: 2026-02-20T04:30:28.681Z
 tags:
 editor: markdown
 dateCreated: 2026-01-29T04:37:33.794Z
diff --git a/Netgrimoire/Pocket/Stash_Integration.md b/Netgrimoire/Pocket/Stash_Integration.md
index 64d1db9..12df189 100644
--- a/Netgrimoire/Pocket/Stash_Integration.md
+++ b/Netgrimoire/Pocket/Stash_Integration.md
@@ -2,7 +2,7 @@
 title: Pocket Clips
 description: Integrating Stash
 published: true
-date: 2026-02-22T05:20:21.030Z
+date: 2026-02-22T05:20:31.865Z
 tags:
 editor: markdown
 dateCreated: 2026-02-20T04:48:11.191Z
diff --git a/Netgrimoire/Service_Document_Template.md b/Netgrimoire/Service_Document_Template.md
index ce60e38..97c2449 100644
--- a/Netgrimoire/Service_Document_Template.md
+++ b/Netgrimoire/Service_Document_Template.md
@@ -2,7 +2,7 @@
 title: Service Documentation Template
 description: Describe the service
 published: true
-date: 2026-02-03T02:57:07.462Z
+date: 2026-02-20T04:24:03.727Z
 tags:
 editor: markdown
 dateCreated: 2026-02-03T02:57:07.462Z
diff --git a/Netgrimoire/Services/AI/Netgrimoire_Agent.md b/Netgrimoire/Services/AI/Netgrimoire_Agent.md
index 7abef3a..7faed64 100644
--- a/Netgrimoire/Services/AI/Netgrimoire_Agent.md
+++ b/Netgrimoire/Services/AI/Netgrimoire_Agent.md
@@ -2,7 +2,7 @@
 title: Ollama with agent
 description: The smart home reference
 published: true
-date: 2026-03-05T02:26:34.682Z
+date: 2026-03-05T02:26:41.506Z
 tags:
 editor: markdown
 dateCreated: 2026-02-18T22:14:41.533Z
diff --git a/Netgrimoire/Services/AI/Readme.md b/Netgrimoire/Services/AI/Readme.md
index 943baa8..259f23e 100644
--- a/Netgrimoire/Services/AI/Readme.md
+++ b/Netgrimoire/Services/AI/Readme.md
@@ -2,7 +2,7 @@
 title: Readme
 description: Readme file generated by AI
 published: true
-date: 2026-03-05T02:27:57.522Z
+date: 2026-03-05T02:28:03.404Z
 tags:
 editor: markdown
 dateCreated: 2026-03-05T02:27:57.522Z
diff --git a/Netgrimoire/Services/Immich/Convert_Immich.md b/Netgrimoire/Services/Immich/Convert_Immich.md
index d11925f..3fd78c7 100644
--- a/Netgrimoire/Services/Immich/Convert_Immich.md
+++ b/Netgrimoire/Services/Immich/Convert_Immich.md
@@ -2,7 +2,7 @@
 title: Immich on ZFS
 description: Moving Immich to its own ZFS dataset
 published: true
-date: 2026-02-06T15:57:04.261Z
+date: 2026-02-20T04:13:02.502Z
 tags: service zfs immich dataset
 editor: markdown
 dateCreated: 2026-02-06T15:57:04.261Z
diff --git a/Netgrimoire/Services/MailCow/MXRoute_Integration.md b/Netgrimoire/Services/MailCow/MXRoute_Integration.md
index ba75a40..2995689 100644
--- a/Netgrimoire/Services/MailCow/MXRoute_Integration.md
+++ b/Netgrimoire/Services/MailCow/MXRoute_Integration.md
@@ -2,7 +2,7 @@
 title: Integrating MXRoute with MailCow
 description:
 published: true
-date: 2026-02-25T21:04:26.849Z
+date: 2026-02-25T21:04:37.135Z
 tags:
 editor: markdown
 dateCreated: 2026-02-25T19:22:31.514Z
diff --git a/Netgrimoire/Services/MailCow/MailCOw_Install.md b/Netgrimoire/Services/MailCow/MailCOw_Install.md
index e5ef5cb..fc7defa 100644
--- a/Netgrimoire/Services/MailCow/MailCOw_Install.md
+++ b/Netgrimoire/Services/MailCow/MailCOw_Install.md
@@ -2,7 +2,7 @@
 title: Mailcow Dockerized Install and Config
 description:
 published: true
-date: 2026-02-25T21:05:38.864Z
+date: 2026-02-25T21:05:48.256Z
 tags:
 editor: markdown
 dateCreated: 2026-02-25T21:05:38.864Z
diff --git a/Netgrimoire/Services/MailCow/Mailcow_Hardening.md b/Netgrimoire/Services/MailCow/Mailcow_Hardening.md
index 6d921ee..002eca0 100644
--- a/Netgrimoire/Services/MailCow/Mailcow_Hardening.md
+++ b/Netgrimoire/Services/MailCow/Mailcow_Hardening.md
@@ -2,7 +2,7 @@
 title: MailCow Hardening
 description: Securing Mailcow
 published: true
-date: 2026-02-23T21:56:22.998Z
+date: 2026-02-23T21:56:32.211Z
 tags:
 editor: markdown
 dateCreated: 2026-02-23T21:56:22.997Z
diff --git a/Netgrimoire/Services/MailCow/Mailcow_MXRoute.md b/Netgrimoire/Services/MailCow/Mailcow_MXRoute.md
index 11f4e08..3cb6c4d 100644
--- a/Netgrimoire/Services/MailCow/Mailcow_MXRoute.md
+++ b/Netgrimoire/Services/MailCow/Mailcow_MXRoute.md
@@ -2,7 +2,7 @@
 title: Forwarding Mailcow through MXRoute
 description: Maintaining reputation
 published: true
-date: 2026-02-15T01:42:12.478Z
+date: 2026-02-20T04:10:37.730Z
 tags:
 editor: markdown
 dateCreated: 2026-02-15T01:42:12.478Z
diff --git a/Netgrimoire/Services/MailCow/Sample_Domain_Setup.md b/Netgrimoire/Services/MailCow/Sample_Domain_Setup.md
index 9022a7d..928d920 100644
--- a/Netgrimoire/Services/MailCow/Sample_Domain_Setup.md
+++ b/Netgrimoire/Services/MailCow/Sample_Domain_Setup.md
@@ -2,7 +2,7 @@
 title: Sample Domain Setup
 description: Graymutt@nucking-futz.com
 published: true
-date: 2026-03-16T00:34:02.401Z
+date: 2026-03-16T00:34:08.387Z
 tags:
 editor: markdown
 dateCreated: 2026-02-25T22:02:27.719Z
diff --git a/Netgrimoire/Services/MailCow/mxroute_mailcow.md b/Netgrimoire/Services/MailCow/mxroute_mailcow.md
index 9cedf8b..067f1c4 100644
--- a/Netgrimoire/Services/MailCow/mxroute_mailcow.md
+++ b/Netgrimoire/Services/MailCow/mxroute_mailcow.md
@@ -2,7 +2,7 @@
 title: Recieving Mail thru MXRoute
 description: Trusted receiver
 published: true
-date: 2026-02-25T17:18:07.245Z
+date: 2026-02-25T17:18:16.273Z
 tags:
 editor: markdown
 dateCreated: 2026-02-15T01:44:15.683Z
diff --git a/Netgrimoire/Storage/Kopia.md b/Netgrimoire/Storage/Kopia.md
index 507489e..f305c67 100644
--- a/Netgrimoire/Storage/Kopia.md
+++ b/Netgrimoire/Storage/Kopia.md
@@ -2,7 +2,7 @@
 title: Setting Up Kopia
 description:
 published: true
-date: 2026-02-13T17:10:40.442Z
+date: 2026-02-20T04:27:59.823Z
 tags:
 editor: markdown
 dateCreated: 2026-01-23T22:14:17.009Z
diff --git a/Netgrimoire/Storage/Storage_Layout.md b/Netgrimoire/Storage/Storage_Layout.md
index b622424..c9e5f64 100644
--- a/Netgrimoire/Storage/Storage_Layout.md
+++ b/Netgrimoire/Storage/Storage_Layout.md
@@ -2,7 +2,7 @@
 title: Netgrimoire Storage
 description: Where is it at
 published: true
-date: 2026-02-23T18:38:18.651Z
+date: 2026-02-23T18:38:27.621Z
 tags:
 editor: markdown
 dateCreated: 2026-01-22T21:10:37.035Z
diff --git a/Netgrimoire/Storage/ZFS-Commands.md b/Netgrimoire/Storage/ZFS-Commands.md
index 20b1e36..4ed077a 100644
--- a/Netgrimoire/Storage/ZFS-Commands.md
+++ b/Netgrimoire/Storage/ZFS-Commands.md
@@ -2,7 +2,7 @@
 title: ZFS Common Commands
 description: ZFS Commands
 published: true
-date: 2026-02-18T12:38:32.940Z
+date: 2026-02-20T04:26:23.798Z
 tags: zfs commands
 editor: markdown
 dateCreated: 2026-01-31T15:23:07.585Z
diff --git a/Netgrimoire/Storage/ZNAS_NFS_Exports.md b/Netgrimoire/Storage/ZNAS_NFS_Exports.md
index 9dccbf0..be1b695 100644
--- a/Netgrimoire/Storage/ZNAS_NFS_Exports.md
+++ b/Netgrimoire/Storage/ZNAS_NFS_Exports.md
@@ -2,7 +2,7 @@
 title: ZFS-NFS-Exports
 description: Exporting NFS shares from ZFS datasets
 published: true
-date: 2026-02-23T21:58:11.949Z
+date: 2026-02-23T21:58:20.626Z
 tags:
 editor: markdown
 dateCreated: 2026-02-01T20:45:40.210Z
diff --git a/Netgrimoire/service_Catalog.md b/Netgrimoire/service_Catalog.md
new file mode 100644
index 0000000..7386d71
--- /dev/null
+++ b/Netgrimoire/service_Catalog.md
@@ -0,0 +1,355 @@ +--- +title: Netgrimoire Service Catalog +description: Done or soon to be +published: true +date: 2026-03-29T16:05:32.761Z +tags: +editor: markdown +dateCreated: 2026-03-29T16:05:26.168Z +--- + +# Netgrimoire Service Catalog + +> **Living document** — tracks all deployed, configured, and planned services across the Netgrimoire homelab. +> Source of truth: Forgejo repo — `compose/` = Docker Compose per host | `swarm/` = Docker Swarm | `archive/` = not running +> +> Status: ✅ Deployed & Configured | 🔧 Deployed, Needs Config | 📋 Planned | 🔍 Evaluating | ❌ Abandoned/Archived + +--- + +## 🏗️ Infrastructure Overview + +| Host | Role | IP | Runtime | +|------|------|----|---------| +| znas | NAS / Primary Swarm node | 192.168.5.10 | Docker Compose + Swarm manager | +| docker2 | VPN gateway host | — | Docker Compose | +| docker3 | LibreNMS host | — | Docker Compose | +| docker4 (hermes) | Mail server host | 192.168.5.16 | Docker Compose | +| docker5 | Media host | 192.168.5.18 | Docker Compose | +| Pi4s / NUCs | Swarm worker nodes | various | Docker Swarm workers | + +--- + +## 📡 Network & Reverse Proxy + +| Status | App | Host / Runtime | URL | Purpose | Notes | +|--------|-----|----------------|-----|---------|-------| +| ✅ | OPNsense | Firewall appliance | — | Firewall / Dual-WAN / NAT | ATT igc1 primary; 5 static IPs allocated; legacy WAN retiring | +| 🔧 | Caddy (new) | znas / Swarm | — | Reverse proxy — CrowdSec edition | `serfriz/caddy-crowdsec-geoip-ratelimit-security-dockerproxy`; migration in progress; `caddy.yaml` | +| ✅ | Caddy (legacy) | znas / Swarm | — | Reverse proxy | `lucaslorentz/caddy-docker-proxy`; `caddy-1.yaml` | +| ✅ | Authentik | znas / Swarm | — | SSO / IdP | Protects `*.netgrimoire.com` services | +| ✅ | Authelia | znas / Swarm | — | SSO / IdP | Protects `*.wasted-bandwidth.net` services | +| ✅ | WireGuard | OPNsense | — | VPN | Peers: Obie (.2), pncfishandmore (.3), GLNet (.4/.6), PortaPotty (.5) — 192.168.32.0/24 | +| ✅ | 
OpenVPN | OPNsense | — | VPN | Configured alongside WireGuard | +| ✅ | Gluetun | docker2 / Compose | — | VPN gateway container | PIA VPN; Jackett + Transmission share `network_mode: container:gluetun` | +| ✅ | Internal DNS | 192.168.5.7 | dns.netgrimoire.com | Internal name resolution | Technitium DNS; behind Authentik | +| ✅ | LLDAP | znas / Swarm | ldap.netgrimoire.com | Lightweight LDAP directory | `lldap/lldap:stable` + postgres; user management backend | +| 📋 | dnscrypt-proxy | TBD | — | Encrypted upstream DNS | Pending install | +| 📋 | Suricata | OPNsense | — | IDS/IPS | Pending config | +| 📋 | Zenarmor | OPNsense | — | Deep packet inspection (free tier) | Pending install | +| 📋 | os-git-backup | OPNsense | — | OPNsense config backup to git | Pending install | + +--- + +## 🔒 Security + +| Status | App | Host / Runtime | URL | Purpose | Notes | +|--------|-----|----------------|-----|---------|-------| +| ✅ | CrowdSec | OPNsense + Swarm | — | Threat intelligence / IP blocking | OPNsense bouncer active; Caddy bouncer in progress | +| ✅ | Vaultwarden | znas / Swarm | pass.netgrimoire.com | Password manager | `vaultwarden/server` | +| 🔧 | CrowdSec Caddy Bouncer | znas / Swarm | — | HTTP-level blocking | Gradual rollout via `caddy.import=crowdsec` label per service | +| 🔧 | OPNsense Spamhaus + GeoIP | OPNsense | — | IP blocklist / geo-blocking | Currently DISABLED — needs fixing | +| 📋 | YubiKey PIV (SSH) | All hosts | — | Smartcard SSH authentication | Highest-impact pending integration | +| 📋 | YubiKey Challenge-Response | znas | — | LUKS / Kopia key derivation | Planned | + +--- + +## 📧 Email + +| Status | App | Host / Runtime | URL | Purpose | Notes | +|--------|-----|----------------|-----|---------|-------| +| ✅ | MailCow | docker4 / Compose | mail.netgrimoire.com + all domains | Self-hosted mail server | hermes.netgrimoire.com; MXRoute inbound filter + outbound relay for all 8 domains | +| ✅ | Roundcube | docker4 / Swarm | — | Webmail | SSL peer verify 
disabled for internal dovecot; SRS catch-all aliases configured | +| ✅ | MXRoute | External | — | Inbound filter + outbound relay | Two DKIM selectors: `mailcow` + `mxroute` | +| 📋 | Dedicated ATT_Mail IP | OPNsense | — | Separate static IP for mail traffic | Assignment still pending | + +**Domains:** netgrimoire.com · pncharris.com · nucking-futz.com · wasted-bandwidth.net · florosafd.org · gnarlypandaproductions.com · pncfishandmore.com · pncharrisenterprises.com + +--- + +## 🎬 Media — Video + +| Status | App | Host / Runtime | URL | Purpose | Notes | +|--------|-----|----------------|-----|---------|-------| +| ✅ | Jellyfin | docker5 / Compose | — | Media server | Port 8096; VAAPI via `/dev/dri`; dedicated static IP 107.133.34.147 | +| ✅ | Jellyfinx | docker5 / Compose | — | Green Door media server | Port 7096; separate instance; Green + AfterDark library mounts | +| ✅ | Sonarr | znas / Swarm | — | TV show downloader | `linuxserver/sonarr` | +| ✅ | Radarr | znas / Swarm | — | Movie downloader | `linuxserver/radarr` | +| ✅ | Bazarr | znas / Swarm | bazarr.netgrimoire.com | Subtitle management | `linuxserver/bazarr` | +| ✅ | Tunarr | znas / Swarm | — | IPTV channel creation | `chrisbenincasa/tunarr`; ErsatzTV replacement (ErsatzTV archived Feb 2026) | +| ✅ | JellySeerr | znas / Swarm | requests.netgrimoire.com | Media request management | `fallenbagel/jellyseerr` | +| ✅ | JellyStat | znas / Swarm | — | Jellyfin usage statistics | `cyfershepard/jellystat` + postgres | +| ✅ | TinyMediaManager | znas / Swarm | tmm.netgrimoire.com | Media metadata manager | `tinymediamanager/tinymediamanager` | +| ✅ | Pinchflat | znas / Swarm | pinchflat.netgrimoire.com | YouTube channel downloader | `kieraneglin/pinchflat` | +| 📋 | MeTube | TBD | — | YouTube downloader | Needed for Tunarr period-accurate filler sourcing workflow | +| 🔍 | Wizarr | TBD | — | Jellyfin user onboarding | Evaluating | + +--- + +## 🎵 Media — Audio + +| Status | App | Host / Runtime | URL | Purpose | Notes | 
+|--------|-----|----------------|-----|---------|-------| +| ✅ | Lidarr | znas / Swarm | — | Music downloader | (Caddy label not found in yaml — likely static Caddyfile entry) | +| ✅ | Beets | znas / Swarm | beets.netgrimoire.com | Music library tagging | `linuxserver/beets` | +| 🔍 | Navidrome | TBD | — | Music streaming server | Lightweight Subsonic-compatible | +| 🔍 | Soularr | TBD | — | Soulseek integration for Lidarr | Strongly recommended; fills gaps Usenet/torrents miss | +| 🔍 | Tubifarry | TBD | — | Spotify playlists → YouTube → Lidarr | https://github.com/TypNull/Tubifarry | + +--- + +## 📚 Media — Books & Comics + +| Status | App | Host / Runtime | URL | Purpose | Notes | +|--------|-----|----------------|-----|---------|-------| +| ✅ | Calibre | znas / Compose | calibre.netgrimoire.com | Ebook library management | `linuxserver/calibre`; port 7070; behind Authentik; requires `seccomp=unconfined` (Compose-only) | +| ✅ | Calibre-Web Automated | znas / Swarm | books.netgrimoire.com · books.pncharris.com | Web UI + auto-import | `crocodilestick/calibre-web-automated`; dual-domain Caddy label | +| ✅ | Calibre-Web (library) | znas / Swarm | — | Secondary Calibre-Web instance | `linuxserver/calibre-web`; hostname `calibre-netgrimoire`; `library.yaml` | +| ✅ | Readarr | znas / Swarm | — | Book downloader | Using `blampe/rreading-glasses` image | +| 📋 | Mylar | znas / Swarm | — | Comic book downloader | Not currently running; needs setup soon. 
Reference `archive/arr.yaml` for old config | +| ✅ | Kavita | znas / Swarm | kavita.netgrimoire.com | Ebook/comic reader | `jvmilazz0/kavita` | +| ✅ | Comixed | znas / Swarm | comics.netgrimoire.com | Comic library server | `comixed/comixed` | +| ✅ | FreshRSS | znas / Swarm | rss.netgrimoire.com | RSS aggregator | `linuxserver/freshrss` | +| 🔍 | Komga | TBD | — | Comic/manga server | Evaluating vs Kavita/Comixed | +| 🔍 | MyAnonaMouse | TBD | — | Private ebook tracker | Worth investigating | + +--- + +## 📥 Download Stack + +| Status | App | Host / Runtime | URL | Purpose | Notes | +|--------|-----|----------------|-----|---------|-------| +| ✅ | NZBGet | znas / Swarm | — | Usenet download manager | `linuxserver/nzbget` | +| ✅ | SABnzbd | znas / Swarm | — | Usenet download manager | `linuxserver/sabnzbd` | +| ✅ | NZBHydra | znas / Swarm | hydra.netgrimoire.com | Usenet indexer aggregator | `linuxserver/nzbhydra2:dev`; altHUB, NZBGeek, Drunken Slug, Usenet Crawler, DogNZB | +| ✅ | Jackett | docker2 / Compose | jackett.netgrimoire.com | Torrent indexer | Runs inside Gluetun network; behind Authentik | +| ✅ | Transmission | docker2 / Compose | — | Torrent client | `network_mode: container:gluetun`; shares Gluetun VPN | +| ✅ | Recyclarr | znas / Swarm | — | Sonarr/Radarr quality profile sync | `recyclarr/recyclarr` | +| ✅ | Profilarr | znas / Swarm | profilarr.netgrimoire.com | Quality profile management | `santiagosayshey/profilarr` | +| ✅ | Configarr | znas / Swarm | configarr.netgrimoire.com | Arr config management | `raydak-labs/configarr` | +| 📋 | Prowlarr | TBD | — | Unified indexer manager | Low priority — light torrent usage; NZBHydra covers current needs | + +--- + +## 🤖 AI & Automation (Gremlin Stack) + +> All pinned to `znas` node on Docker Swarm via `swarm/ollama.yaml`. 
+ +| Status | App | Host / Runtime | URL | Purpose | Notes | +|--------|-----|----------------|-----|---------|-------| +| ✅ | Ollama | znas / Swarm | — | Local LLM inference | CPU-only (Ryzen); 3B–14B models | +| ✅ | Open WebUI | znas / Swarm | — | Chat interface for Ollama | `ghcr.io/open-webui/open-webui` | +| ✅ | Qdrant | znas / Swarm | — | Vector database for RAG | Wiki.js / markdown doc search | +| ✅ | n8n | znas / Swarm | — | Workflow automation | Forgejo webhook → doc gen, compose validation, alert triage | +| 🔍 | Perplexica | TBD | — | Self-hosted AI search | https://github.com/ItzCrazyKns/Perplexica | + +--- + +## ☁️ Files, Notes & Personal Apps + +| Status | App | Host / Runtime | URL | Purpose | Notes | +|--------|-----|----------------|-----|---------|-------| +| ✅ | Nextcloud AIO | znas / Compose | cloud.netgrimoire.com | File sync / cloud storage | `nextcloud/all-in-one`; data at `/srv/NextCloud-AIO`; Caddy → port 11000 | +| ✅ | Immich | znas / Compose | immich.netgrimoire.com | Photo management | Port 2283; Postgres dump + Kopia backup; external photo + Nextcloud mounts | +| ✅ | Joplin Server | znas / Swarm | joplin.netgrimoire.com | Note sync server | `joplin/server` + postgres; Homepage widget configured | +| ✅ | Vikunja | znas / Swarm | task.netgrimoire.com | Task management | `vikunja/vikunja` + MariaDB | +| ✅ | Linkding | znas / Swarm | link.netgrimoire.com | Bookmark manager | `sissbruecker/linkding:1.13.0` | +| ✅ | Mealie | znas / Swarm | recipe.netgrimoire.com | Recipe manager | `ghcr.io/mealie-recipes/mealie` | +| ✅ | Wallos | znas / Swarm | expense.netgrimoire.com | Subscription / expense tracker | `bellamy/wallos` | +| ✅ | DailyTxT | znas / Swarm | — | Encrypted diary | `phitux/dailytxt:2.x.x` | +| ✅ | Bigcapital | docker5 / Compose | accounts.netgrimoire.com | Accounting / invoicing | Static Caddyfile entry; `{{upstreams}}` doesn't work for Compose stacks | +| ✅ | Scanopy | znas / Swarm | scn.netgrimoire.com | Document scanner | 
`ghcr.io/scanopy/scanopy` (server + daemon) + postgres | +| ✅ | Glance | znas / Swarm | home.netgrimoire.com | Alternative dashboard | `glanceapp/glance` | +| 📋 | Memos | TBD | — | Self-hosted journaling | Preferred journal addition (alongside Joplin for notes) | +| 🔍 | Wallabag | TBD | — | Read-it-later / article saving | | +| 🔍 | Fluid Calendar | TBD | — | Self-hosted calendar | https://github.com/dotnetfactory/fluid-calendar | +| 🔍 | Firefly III | TBD | — | Personal finance / budgeting | | +| 🔍 | Stirling-PDF | TBD | — | PDF editor / tools | | +| 🔍 | Excalidraw | TBD | — | Collaborative whiteboard | | +| 🔍 | Baikal | TBD | — | CalDAV / CardDAV sync | https://sabre.io/baikal/ | + +--- + +## 📝 Documentation & Dev + +| Status | App | Host / Runtime | URL | Purpose | Notes | +|--------|-----|----------------|-----|---------|-------| +| ✅ | Wiki.js | znas / Swarm | wiki.netgrimoire.com | Documentation wiki | `requarks/wiki:2` + postgres; Grimoire theme; Forgejo git backend | +| ✅ | Draw.io | znas / Swarm | draw.netgrimoire.com | Diagramming | `jgraph/drawio`; co-deployed in `wiki.yaml` | +| ✅ | Forgejo | znas / Swarm | git.netgrimoire.com | Self-hosted Git | `codeberg.org/forgejo/forgejo:11`; source of truth for Wiki.js + Gremlin | +| ✅ | Forgejo Runner | znas / Swarm | — | CI/CD | `data.forgejo.org/forgejo/runner:4.0.0`; `gitrunner.yaml` | +| ✅ | VS Code Server | znas / Swarm | code.netgrimoire.com | Web-based IDE | `linuxserver/code-server` | +| ✅ | Webtop (ubuntu-kde) | znas / Compose | webtop.netgrimoire.com | Browser-based desktop | Software rendering via llvmpipe; behind Authentik | +| ✅ | Firefox (container) | znas / Swarm | firefox.netgrimoire.com | Containerized browser | `jlesage/firefox` | + +--- + +## 📊 Monitoring & Observability + +| Status | App | Host / Runtime | URL | Purpose | Notes | +|--------|-----|----------------|-----|---------|-------| +| ✅ | Uptime Kuma | znas / Swarm | — | Service uptime monitoring | `louislam/uptime-kuma:1` | +| ✅ | 
AutoKuma | znas / Swarm | — | Auto-create Kuma monitors from labels | `ghcr.io/bigboot/autokuma`; co-deployed in `kuma.yaml` | +| ✅ | Beszel | znas / Swarm | — | Docker resource monitoring | `henrygd/beszel` hub + agents on all nodes | +| ✅ | DIUN | znas / Swarm | — | Docker image update notifications | `crazymax/diun`; label-based per-service | +| ✅ | ntfy | znas / Swarm | ntfy.netgrimoire.com | Push notifications | `binwiederhier/ntfy`; OPNsense alerts via CrowdSec HTTP plugin | +| ✅ | Dozzle | znas / Swarm | dozzle.netgrimoire.com | Real-time container logs | `amir20/dozzle`; behind Authentik | +| ✅ | Scrutiny | znas / Compose | scrutiny.netgrimoire.com | Disk S.M.A.R.T. monitoring | `analogj/scrutiny:master-omnibus`; monitors /dev/sda–sdg; behind Authentik | +| ✅ | Glances | znas / Compose | — | Real-time system stats | `nicolargo/glances`; `network_mode: host`; co-deployed in `monitor.yaml` | +| ✅ | Graylog | docker4 / Compose | log.netgrimoire.com | Log aggregation | Graylog 6.0 + MongoDB 5 + DataNode (OpenSearch); compose-only (noted in file) | +| ✅ | LibreNMS | docker3 / Compose | nms.netgrimoire.com | Network/SNMP monitoring | Full stack: librenms + dispatcher + syslog-ng + snmptrapd + MariaDB + Redis; port 8000 | +| ✅ | Homelable | znas / Compose | — | Infrastructure visualizer | Frontend + Backend via GHCR; MCP deferred (requires build from source) | +| ✅ | phpIPAM | znas / Swarm | ipam.netgrimoire.com | IP address management | `phpipam/phpipam-www` + cron + MariaDB | +| ✅ | Homepage | znas / Swarm | — | Primary dashboard | `ghcr.io/gethomepage/homepage` | +| ✅ | Glance | znas / Swarm | home.netgrimoire.com | Alternative dashboard | `glanceapp/glance` | +| ✅ | Dockpeek | znas / Swarm | dockpeek.netgrimoire.com | Container inspector | `dockpeek/dockpeek` | +| ✅ | Loki + Promtail + Grafana | znas / Swarm | — | Metrics/log stack | `logging.yaml`; Grafana 10.4.2 + Loki 2.9.3 + Promtail 2.9.3 | +| ✅ | phpMyAdmin + phpPgAdmin | znas / Swarm | — | DB admin UIs 
| `SQL-mgmt.yaml` | +| ✅ | pgAdmin | znas / Swarm | — | Postgres admin | `dpage/pgadmin4`; `database.yaml` | +| 🔍 | WatchYourLAN | TBD | — | Network device tracker | https://github.com/aceberg/WatchYourLAN | +| 🔍 | NUT UPS | TBD | — | UPS power management | https://hub.docker.com/r/instantlinux/nut-upsd | +| 🔍 | OliveTin | TBD | — | Web button → shell command | Run commands from web UI | +| 🔍 | Swarm Dashboard | TBD | — | Docker Swarm visualizer | https://github.com/mohsenasm/swarm-dashboard | + +--- + +## 💾 Storage & Backup + +| Status | App | Host / Runtime | URL | Purpose | Notes | +|--------|-----|----------------|-----|---------|-------| +| ✅ | OpenZFS (ZNAS) | znas | — | Primary storage | ~94TB raw, two RAIDZ1 VDEVs; vault pool | +| ✅ | NFSv4 | znas | — | Shared storage for Swarm | Loopback NFS at `/data/nfs/znas`; ZFS must fully mount before NFS starts | +| ✅ | Kopia (primary vault) | znas / Swarm | kopia.netgrimoire.com | Primary backup repo | `kopia.yaml`; dedup + replication | +| ✅ | Kopia (offsite vault) | znas / Swarm | vault.netgrimoire.com | Offsite replication server | `vault.yaml`; port 51516; separate dataset → ZFS raw send to Pi vaults | +| ✅ | syncoid | znas | — | ZFS replication | Syncs vault/Green/Pocket → Pocket Grimoire | +| ✅ | Nextcloud AIO BorgBackup | znas | — | Nextcloud-native backup | Local snapshots before Kopia | +| ✅ | Czkawka | znas / Swarm | dupes.netgrimoire.com | Duplicate file finder | `jlesage/czkawka` | +| ✅ | Cloud Commander | znas / Swarm | — | Web file manager | `coderaiser/cloudcmd`; **two instances** (`cloudcmd.yaml` + `commander.yaml`) — verify if intentional | +| ✅ | File Browser | znas / Swarm | — | Web file manager | `filebrowser/filebrowser` | +| 🔍 | Manyfold | TBD | — | 3D print model collector | https://github.com/manyfold3d/manyfold | + +--- + +## 🖥️ Management & Remote Access + +| Status | App | Host / Runtime | URL | Purpose | Notes | +|--------|-----|----------------|-----|---------|-------| +| ✅ | Portainer | 
znas / Swarm | docker.netgrimoire.com | Container management UI | `portainer/portainer-ce:2.33.6` + agents on all nodes | +| ✅ | ISPConfig | 192.168.4.11 | — | Web/DNS hosting control panel | | +| ✅ | Cockpit | All hosts | win.netgrimoire.com | Linux server management | Caddy → `192.168.5.10:8006` | +| ✅ | Termix | znas / Swarm | termix.netgrimoire.com | Web-based terminal | `ghcr.io/lukegus/termix` | +| ✅ | DumbTerm | znas / Swarm | — | Simple web terminal | `dockwareio/dumbterm` | +| ✅ | Windows 7 (VM) | znas / Compose | — | Windows VM | `dockurr/windows`; `windows7.yaml` | +| 🔍 | Guacamole | TBD | — | Remote desktop gateway | Previously tried as `nxterm` — in archive | +| 🔍 | SSHwifty | TBD | — | SSH web client | In archive; reconsidering | + +--- + +## 🎭 Green Door (Adult Content) + +> Protected behind Authelia (`*.wasted-bandwidth.net`) + +| Status | App | Host / Runtime | URL | Purpose | Notes | +|--------|-----|----------------|-----|---------|-------| +| ✅ | Whisparr | znas / Swarm | — | Adult content downloader | `ghcr.io/hotio/whisparr` | +| ✅ | Namer | znas / Compose | namer.wasted-bandwidth.net | Scene file namer | `theporndatabase/namer`; port 6980; data → `/data/nfs/Baxter/Green/` | +| ✅ | Stash (main) | znas / Compose | stash.wasted-bandwidth.net | Adult content library | `stashapp/stash`; port 9999 | +| ✅ | PocketStash | znas / Compose | — | Stash for Pocket Grimoire | Separate instance; port 9998; data → `/export/Green/Pocket/`; `pocketstash.yaml` | + +--- + +## 🌐 Web Hosting + +| Status | App | Host / Runtime | URL | Purpose | Notes | +|--------|-----|----------------|-----|---------|-------| +| ✅ | Apache/PHP web | znas / Swarm | fish.pncharris.com · www.wasted-bandwidth.net | Static/PHP web hosting | `php:8.2-apache`; `web.yaml`; replicas: 1 | + +--- + +## 📦 Archive (Not Currently Running) + +> Files in `archive/` — previously evaluated or deployed, not currently active. 
+ +| App | File | Notes | +|-----|------|-------| +| Plex | `plex.yaml` | Replaced by Jellyfin | +| Komodo | `komodo.yaml` | Container management platform — evaluated, not deployed | +| cAdvisor | `cadvisor.yaml` | Container metrics — not deployed | +| Peekaping | `peekaping.yaml` | Uptime monitor — Kuma preferred | +| WatchState | `WatchState.yaml` | Jellyfin/Plex watch state sync | +| Nessus | `nessus.yaml` | Vulnerability scanner — evaluated | +| NxTerm | `nxterm.yaml` | Guacamole-style remote desktop — evaluated | +| SSHwifty | `sshwifty.yaml` | SSH web client — evaluated | +| Wordpress Classifieds | `wordpress-classifieds.yaml` | Not deployed | +| Cal (calendar?) | `cal.yaml` | Evaluated | +| CrowdSec (standalone) | `crowdsec.yaml` | Merged into Caddy stack | +| Arr stack | `arr.yaml` | Old consolidated arr compose — superseded by individual yamls | +| Caddyfile.old | `Caddyfile.old` | Legacy Caddyfile | + +--- + +## 🗃️ Ideas Backlog + +| App | Category | Notes | +|-----|----------|-------| +| Soularr | Audio | Soulseek for Lidarr; strongly recommended | +| Tubifarry | Audio | Spotify → YouTube → Lidarr | +| MeTube | Video | YouTube downloader for Tunarr filler | +| Memos | Journal | Preferred self-hosted journal pick | +| Wallabag | Reading | Read-it-later | +| Firefly III | Finance | Budgeting | +| Baikal | PIM | CalDAV/CardDAV | +| Fluid Calendar | PIM | https://github.com/dotnetfactory/fluid-calendar | +| Perplexica | AI | Self-hosted AI search | +| WatchYourLAN | Network | Device tracker | +| OliveTin | Automation | Web UI → shell commands | +| Swarm Dashboard | Monitoring | Swarm-aware visualizer | +| ContainerNursery | Automation | On-demand container start/stop | +| NUT UPS | Power | UPS management | +| Wire-pod for Vector | IoT | Anki Vector local server | +| Kindle reuse | IoT | Repurpose Kindle as weather/info display | +| Collectarr | Media | https://github.com/RiffSphere/Collectarr | +| SuggestArr | Media | Automated media recommendations | +| 
Recommendarr | Media | AI media recommendations | +| Manyfold | 3D Print | Model library | +| OrcaSlicer | 3D Print | Slicer web UI | +| Memos / Journiv | Journal | Self-hosted journaling (Memos preferred) | +| Romm | Gaming | ROM library manager | +| EmulatorJS | Gaming | Browser-based emulation | + +--- + +## 🔑 Key Architecture Decisions & Gotchas + +> Reference these before deploying or modifying services. + +- **MailCow network isolation:** Only `nginx-mailcow` on the `netgrimoire` overlay. All other containers stay on internal bridge. Mixing causes PHP-FPM → Redis DNS conflicts. +- **caddy-docker-proxy + static Caddyfile conflict:** Never manage the same hostname via both Docker labels AND a static block. Pick one method exclusively per service. +- **`{{upstreams}}` is Swarm-only:** Does not work for Docker Compose stacks. Use static Caddyfile with container name or pinned IP. +- **Docker Compose `ports: []` override:** Does not nullify ports from base file. Remap to unused host ports instead. +- **Graylog is Compose-only:** The `graylog.yaml` file explicitly notes this — do not attempt to run it in Swarm. +- **Calibre requires `seccomp=unconfined`:** Necessary for the desktop app container; incompatible with Swarm mode — must remain in `compose/znas/`. +- **Kopia repos not ZFS-separable:** Use separate repositories with independent retention (`kopia.yaml` vs `vault.yaml`) rather than trying to separate at the ZFS snapshot level. +- **ZFS encryption:** In-place encryption impossible. Use rsync migration + `-w` flag for raw send to Pi vaults (no key needed on vault side). +- **SRS rewrite:** All domains using MXRoute inbound forwarding require catch-all aliases in MailCow to prevent `reject_unlisted_sender` rejections. +- **Docker Swarm DNS caching:** Use `endpoint_mode: dnsrr` for internal services; VIP only for published-port services. 
+- **NFS boot ordering on znas:** ZFS must fully mount before NFS starts — systemd override required (`After=zfs-import.target zfs-mount.service`). Loopback NFS mount needs `x-systemd.after=nfs-server.service` in fstab. +- **Wiki.js angle brackets:** `` placeholders cause rendering hangs. Use `VALUE` or backtick format instead. +- **bcrypt in `.env`:** Wrap full hash in single quotes to preserve leading `$`. +- **Webtop GPU rendering:** Requires `LIBGL_ALWAYS_SOFTWARE=1` + `GALLIUM_DRIVER=llvmpipe`; remove `devices:/dev/dri` mapping. +- **Cloud Commander duplication:** Two nearly identical `coderaiser/cloudcmd` stacks exist (`cloudcmd.yaml` + `commander.yaml`) — verify if intentional or a duplicate to clean up. +- **Lidarr missing Caddy label:** Lidarr yaml has no caddy label — either routed via static Caddyfile or not yet exposed. Confirm and standardize. + +--- + +*Last updated: March 2026 | Source: Forgejo repo git archive* \ No newline at end of file diff --git a/Work/C9300GX-Port_Breakout.md b/Work/C9300GX-Port_Breakout.md index 65f353a..6766fc8 100644 --- a/Work/C9300GX-Port_Breakout.md +++ b/Work/C9300GX-Port_Breakout.md @@ -2,7 +2,7 @@ title: Nexus Upgrade port Breakout description: published: true -date: 2026-02-20T19:24:19.622Z +date: 2026-02-20T19:24:28.054Z tags: editor: markdown dateCreated: 2026-02-19T20:55:53.800Z diff --git a/Work/C9300GX_2_Build.md b/Work/C9300GX_2_Build.md index cb77c61..f6fc061 100644 --- a/Work/C9300GX_2_Build.md +++ b/Work/C9300GX_2_Build.md @@ -2,7 +2,7 @@ title: C9300GX Initial Build description: published: true -date: 2026-02-19T20:53:59.281Z +date: 2026-02-19T20:54:08.096Z tags: editor: markdown dateCreated: 2026-02-19T20:50:41.541Z diff --git a/Work/Cisco/NTP_ESS9300.md b/Work/Cisco/NTP_ESS9300.md new file mode 100644 index 0000000..78c8228 --- /dev/null +++ b/Work/Cisco/NTP_ESS9300.md 
@@ -0,0 +1,899 @@ +--- +title: ESS9300 NTP +description: +published: true +date: 2026-03-31T21:25:14.679Z +tags: +editor: markdown +dateCreated: 2026-03-31T21:25:08.700Z +--- + +# Cisco ESS 9300 (IE-9300) NTP Configuration and Troubleshooting Guide + +## Overview + +This guide provides complete NTP (Network Time Protocol) configuration steps and troubleshooting procedures for the Cisco Catalyst ESS 9300 (IE-9300) industrial Ethernet switch running IOS-XE. Accurate time synchronization is critical for logging, AAA, certificates, syslog correlation, and distributed system troubleshooting. + +--- + +## NTP Configuration + +### Basic NTP Server Configuration + +```cisco +configure terminal + +! Configure NTP servers (use multiple servers for redundancy) +ntp server 10.1.1.10 prefer +ntp server 10.1.1.11 +ntp server 192.0.2.1 + +! Configure NTP source interface (optional but recommended) +ntp source GigabitEthernet1/1 + +! Alternatively, use management interface if configured +! ntp source GigabitEthernet0/0 + +! Set timezone (adjust to your location) +clock timezone EST -5 0 + +! Configure daylight saving time (if applicable) +clock summer-time EDT recurring 2 Sun Mar 2:00 1 Sun Nov 2:00 + +! Save configuration +end +write memory +``` + +### NTP Authentication (Recommended for Production) + +```cisco +configure terminal + +! Enable NTP authentication +ntp authenticate + +! Create authentication keys (key ID 1-65535) +ntp authentication-key 1 md5 YourSecureKey123 +ntp authentication-key 2 md5 AnotherSecureKey456 + +! Specify trusted keys +ntp trusted-key 1 +ntp trusted-key 2 + +! Apply authentication to NTP servers +ntp server 10.1.1.10 prefer key 1 +ntp server 10.1.1.11 key 2 + +end +write memory +``` + +### NTP Access Control (Security Best Practice) + +```cisco +configure terminal + +! Define access control for NTP +! peer: Allow time sync from these sources +! serve: Respond to time requests from these sources +! 
serve-only: Respond to requests but don't sync from them +! query-only: Allow status queries only + +ntp access-group peer 10 +ntp access-group serve 20 +ntp access-group query-only 30 + +! Create access lists +access-list 10 remark NTP Peers - Allow sync +access-list 10 permit 10.1.1.0 0.0.0.255 + +access-list 20 remark NTP Serve - Respond to requests +access-list 20 permit 10.0.0.0 0.255.255.255 + +access-list 30 remark NTP Query - Status queries only +access-list 30 permit 192.168.0.0 0.0.255.255 + +end +write memory +``` + +### NTP Master Configuration (Switch as Time Source) + +```cisco +configure terminal + +! Configure switch as NTP master (stratum level) +! Only use if external NTP servers are unavailable +ntp master 8 + +! This makes the switch authoritative at stratum 8 +! Lower stratum = higher priority (1 is highest, typically atomic clocks) +! Use stratum 8-15 for internal masters + +end +write memory +``` + +### Advanced NTP Configuration + +```cisco +configure terminal + +! Update calendar from NTP (hardware clock sync) +ntp update-calendar + +! Disable NTP on specific interfaces (if needed) +interface GigabitEthernet1/10 + ntp disable + exit + +! Configure NTP broadcast (server mode) +interface GigabitEthernet1/1 + ntp broadcast + exit + +! Configure NTP broadcast client (client mode) +interface GigabitEthernet1/2 + ntp broadcast client + exit + +! Configure NTP logging +service timestamps log datetime msec localtime show-timezone +service timestamps debug datetime msec localtime show-timezone + +end +write memory +``` + +--- + +## Verification Commands + +### Check NTP Status + +```cisco +! Show NTP status summary +show ntp status + +! Expected output when synchronized: +! Clock is synchronized, stratum 3, reference is 10.1.1.10 +! nominal freq is 250.0000 Hz, actual freq is 250.0008 Hz, precision is 2**10 +! ntp uptime is 86400 (1/100 of seconds), resolution is 4016 +! reference time is E8C9A234.1F2E3D4C (10:15:48.121 EST Mon Jan 15 2024) +! 
clock offset is -0.5234 msec, root delay is 12.34 msec +! root dispersion is 45.67 msec, peer dispersion is 1.23 msec +! loopfilter state is 'CTRL' (Normal Controlled Loop), drift is 0.000008234 s/s +! system poll interval is 64, last update was 25 sec ago +``` + +### Check NTP Associations + +```cisco +! Show all NTP associations (peers) +show ntp associations + +! Detailed view +show ntp associations detail + +! Column descriptions: +! * = synchronized, + = candidate, # = selected, - = outlier +! address: NTP server address +! ref clock: reference source of the server +! st: stratum level +! when: last packet received (seconds) +! poll: polling interval (seconds) +! reach: reachability (377 octal = all 8 attempts successful) +! delay: round-trip delay (ms) +! offset: time difference (ms) +! disp: dispersion/jitter (ms) +``` + +### Check Clock and Time + +```cisco +! Display current time +show clock + +! Display detailed clock information +show clock detail + +! Show calendar (hardware clock) +show calendar +``` + +### Check NTP Configuration + +```cisco +! Show all NTP configuration +show ntp config + +! Show running NTP configuration +show running-config | include ntp +show running-config | include clock +``` + +### Check NTP Authentication + +```cisco +! Show authentication keys (hashed) +show ntp authentication-keys + +! Show authentication status +show ntp status | include authentication +``` + +--- + +## Common Configuration Examples + +### Example 1: Industrial Network Configuration + +```cisco +configure terminal + +! Use site NTP servers +ntp server 10.100.1.10 prefer +ntp server 10.100.1.11 +ntp server 10.100.1.12 + +! Use primary uplink as source +ntp source GigabitEthernet1/1 + +! Central Standard Time +clock timezone CST -6 0 +clock summer-time CDT recurring 2 Sun Mar 2:00 1 Sun Nov 2:00 + +! Sync hardware clock +ntp update-calendar + +! 
Enable timestamps +service timestamps log datetime msec localtime show-timezone +service timestamps debug datetime msec localtime show-timezone + +end +write memory +``` + +### Example 2: Secure Configuration with Authentication + +```cisco +configure terminal + +! Enable NTP authentication +ntp authenticate +ntp authentication-key 10 md5 Ind_NTP_K3y_2024 +ntp trusted-key 10 + +! Configure authenticated servers +ntp server 10.100.1.10 prefer key 10 +ntp server 10.100.1.11 key 10 + +! Access control +ntp access-group peer 10 +ntp access-group query-only 30 + +access-list 10 remark NTP Peers +access-list 10 permit 10.100.1.0 0.0.0.255 + +access-list 30 remark NTP Query +access-list 30 permit 10.100.0.0 0.0.255.255 + +! Source and timezone +ntp source GigabitEthernet1/1 +clock timezone CST -6 0 +clock summer-time CDT recurring 2 Sun Mar 2:00 1 Sun Nov 2:00 + +ntp update-calendar + +service timestamps log datetime msec localtime show-timezone + +end +write memory +``` + +### Example 3: Redundant Time Source with Fallback + +```cisco +configure terminal + +! Primary NTP servers +ntp server 10.100.1.10 prefer +ntp server 10.100.1.11 + +! Fallback to public NTP if internal servers fail +ntp server 129.6.15.28 +ntp server 132.163.96.1 + +! Use as master only if all external sources fail +ntp master 10 + +ntp source GigabitEthernet1/1 +clock timezone EST -5 0 +clock summer-time EDT recurring 2 Sun Mar 2:00 1 Sun Nov 2:00 + +ntp update-calendar + +end +write memory +``` + +--- + +## Troubleshooting Guide + +### Issue: NTP Not Synchronizing + +**Symptoms:** +- `show ntp status` shows "Clock is unsynchronized" +- No asterisk (*) appears in `show ntp associations` +- "unsynchronized" appears in status output + +**Troubleshooting Steps:** + +1. **Verify NTP servers are configured:** + ```cisco + show running-config | include ntp server + ``` + +2. 
**Check network connectivity to NTP servers:** + ```cisco + ping 10.1.1.10 + ping 10.1.1.10 source GigabitEthernet1/1 + traceroute 10.1.1.10 + ``` + +3. **Verify NTP packets are being exchanged:** + ```cisco + show ntp associations detail + ! Check 'reach' value - should be 377 (octal) = all attempts successful + ! Check 'when' value - should be recent (< poll interval) + ``` + +4. **Check for authentication mismatches:** + ```cisco + show ntp status + ! Look for authentication errors + debug ntp all + ! Watch for authentication failures + undebug all + ``` + +5. **Verify access lists aren't blocking NTP:** + ```cisco + show access-lists + ! NTP uses UDP port 123 + ! Verify ACLs allow UDP 123 traffic + ``` + +6. **Check for large time offset:** + ```cisco + show ntp associations detail + ! If offset > 1000 seconds, manually set clock first + clock set 14:30:00 15 January 2024 + ``` + +7. **Verify source interface is up:** + ```cisco + show ip interface brief | include GigabitEthernet1/1 + ! Source interface must be up/up + ``` + +### Issue: High Offset or Jitter + +**Symptoms:** +- Time drifts significantly +- High offset values in `show ntp associations` +- Inconsistent time across devices + +**Troubleshooting Steps:** + +1. **Check network latency and stability:** + ```cisco + ping 10.1.1.10 repeat 100 + ! Look for: + ! - Packet loss (should be 0%) + ! - High round-trip time (> 100ms problematic) + ! - Variable latency (jitter) + ``` + +2. **Verify stratum levels:** + ```cisco + show ntp associations + ! Stratum (st) should be: + ! - < 10 for reliable servers + ! - Lower is better (1 = atomic clock, 2 = GPS) + ! - Your switch should be stratum +1 from source + ``` + +3. **Increase number of NTP servers:** + ```cisco + ! Use at least 3 servers for best accuracy + ! NTP uses voting algorithm to select best time source + configure terminal + ntp server 10.1.1.12 + ntp server 10.1.1.13 + ``` + +4. 
**Check upstream NTP server health:** + ```cisco + show ntp associations detail + ! Verify servers show: + ! - condition = 'sys.peer' or 'candidate' + ! - reach = 377 + ! - Low dispersion (disp) + ``` + +5. **Monitor polling interval:** + ```cisco + show ntp associations + ! Poll interval should stabilize at 64-1024 seconds + ! Frequent changes indicate instability + ``` + +### Issue: Authentication Failures + +**Symptoms:** +- Peers show as unreachable despite network connectivity +- NTP status shows authentication errors +- Reach value remains 0 + +**Troubleshooting Steps:** + +1. **Verify authentication is enabled:** + ```cisco + show ntp status | include authentication + ! Should show: "authentication enabled" + ``` + +2. **Check authentication keys are configured:** + ```cisco + show ntp authentication-keys + ! Verify key IDs exist + ``` + +3. **Verify trusted keys:** + ```cisco + show running-config | include ntp trusted-key + ! Keys must be marked as trusted + ``` + +4. **Confirm server configuration uses correct key:** + ```cisco + show running-config | include ntp server + ! Verify key ID matches trusted key + ``` + +5. **Debug authentication:** + ```cisco + debug ntp authentication + debug ntp validity + ! Watch for authentication failures + ! Look for key mismatches + undebug all + ``` + +6. **Temporarily disable authentication to test:** + ```cisco + configure terminal + no ntp authenticate + ! Test if synchronization works without auth + ! Then re-enable: + ntp authenticate + ``` + +### Issue: Time Correct but Timezone Wrong + +**Symptoms:** +- NTP shows synchronized +- Time is off by exact number of hours +- Logs show incorrect time + +**Troubleshooting Steps:** + +1. **Verify timezone configuration:** + ```cisco + show running-config | include clock timezone + ! Ensure timezone offset is correct for your location + ``` + +2. **Check daylight saving time:** + ```cisco + show clock detail + ! Verify DST rules are correct + ! 
Look for summer-time configuration + ``` + +3. **Reconfigure timezone if needed:** + ```cisco + configure terminal + clock timezone EST -5 0 + clock summer-time EDT recurring 2 Sun Mar 2:00 1 Sun Nov 2:00 + ``` + +4. **Verify timestamps in logs:** + ```cisco + show running-config | include service timestamps + ! Should include 'localtime' and 'show-timezone' + ``` + +### Issue: Hardware Clock Not Updating + +**Symptoms:** +- `show clock` shows correct time +- `show calendar` shows old time +- Time resets after reload + +**Troubleshooting Steps:** + +1. **Verify update-calendar is configured:** + ```cisco + show running-config | include ntp update-calendar + ``` + +2. **Manually update calendar:** + ```cisco + ntp update-calendar + ! Or manually: + clock update-calendar + ``` + +3. **Check calendar after sync:** + ```cisco + show calendar + show clock + ! Should match within a few seconds + ``` + +4. **Configure automatic update:** + ```cisco + configure terminal + ntp update-calendar + end + write memory + ``` + +### Issue: NTP Works but Stops After Time + +**Symptoms:** +- NTP synchronizes initially +- Loses sync after hours/days +- Reach value degrades over time + +**Troubleshooting Steps:** + +1. **Check for network instability:** + ```cisco + show ntp associations detail + ! Monitor 'reach' value over time + ! Should remain at 377 + ``` + +2. **Verify interface stability:** + ```cisco + show interface GigabitEthernet1/1 + ! Check for errors, resets, or flapping + ``` + +3. **Check for routing changes:** + ```cisco + show ip route 10.1.1.10 + ! Verify consistent route to NTP server + ``` + +4. **Monitor NTP server health:** + ```cisco + ! Check if NTP server itself is stable + show ntp associations detail + ! Look for increasing dispersion + ``` + +5. **Check for memory or CPU issues:** + ```cisco + show processes cpu sorted + show processes memory sorted + ! 
High CPU or memory can affect NTP + ``` + +--- + +## Best Practices + +### Redundancy +- Configure at least **3 NTP servers** for optimal accuracy and fault tolerance +- Use diverse network paths to NTP servers when possible +- Consider geographic diversity for enterprise deployments +- Use both on-site and off-site NTP sources + +### Security +- **Always use NTP authentication** in production industrial environments +- Implement access control lists to restrict NTP access +- Use MD5 authentication keys with strong passwords +- Regularly rotate authentication keys (annually recommended) +- Monitor for NTP-based attacks (amplification, spoofing) + +### Performance +- Use `prefer` keyword on the most reliable/accurate server +- Choose NTP servers with low stratum (2-4 is ideal for enterprise) +- Select geographically close servers to minimize latency +- Avoid using stratum 1 servers directly (use stratum 2 instead) +- Ensure stable network path to NTP servers + +### Industrial Environment Considerations +- Account for temperature variations in industrial settings +- Use ruggedized NTP appliances in harsh environments +- Consider GPS-based NTP servers for isolated sites +- Implement redundant time sources for critical applications +- Test NTP resilience during network outages + +### Maintenance +- Regularly verify NTP synchronization status (daily) +- Monitor offset and jitter values (weekly) +- Review NTP logs for anomalies +- Update authentication keys periodically +- Document your NTP server hierarchy +- Test failover scenarios + +### Time Initialization +- When first configuring, manually set clock to within 1000 seconds +- NTP will refuse to sync if initial offset is too large +- Use `clock set` command before enabling NTP on new switches +- Allow 10-15 minutes for initial synchronization +- Monitor stabilization with `show ntp associations` + +--- + +## Monitoring and Logging + +### Regular Health Checks + +```cisco +! 
Daily verification +show ntp status | include Clock +show ntp associations | include "\*" + +! Weekly detailed check +show ntp associations detail +show clock detail + +! Check for errors +show logging | include NTP +``` + +### Enable SNMP Monitoring + +```cisco +configure terminal + +! Enable SNMP for NTP monitoring +snmp-server enable traps ntp + +! Configure SNMP trap receiver +snmp-server host 10.1.1.100 version 2c YourCommunity + +end +write memory +``` + +### Syslog Monitoring + +```cisco +configure terminal + +! Configure syslog server +logging host 10.1.1.50 + +! Set logging level +logging trap informational + +! Enable timestamps +service timestamps log datetime msec localtime show-timezone + +end +write memory +``` + +### EEM Script for NTP Monitoring + +```cisco +configure terminal + +! Create EEM applet to monitor NTP +event manager applet NTP-Monitor + event timer watchdog time 300 + action 1.0 cli command "enable" + action 2.0 cli command "show ntp status | include Clock" + action 3.0 regexp "unsynchronized" "$_cli_result" + action 4.0 if $_regexp_result eq 1 + action 4.1 syslog msg "NTP ALERT: Clock is unsynchronized" + action 4.2 cli command "show ntp associations" + action 5.0 end + +end +write memory +``` + +--- + +## Debug Commands + +### NTP Debugging + +```cisco +! Enable NTP debugging (use with caution in production) +debug ntp all +debug ntp authentication +debug ntp events +debug ntp packets +debug ntp validity + +! Disable debugging +undebug all +! Or +no debug all +``` + +### Conditional Debugging + +```cisco +! Debug specific NTP server +debug ntp packets 10.1.1.10 + +! View debug output +terminal monitor +! Then enable debugging +``` + +**Warning:** Debugging can generate significant CPU load. Use sparingly in production and disable when troubleshooting is complete. 
+ +--- + +## Quick Reference Commands + +| Command | Purpose | +|---------|---------| +| `show ntp status` | Display synchronization status | +| `show ntp associations` | List all NTP peers and sync status | +| `show ntp associations detail` | Detailed peer statistics | +| `show clock` | Current system time | +| `show clock detail` | Time with timezone and DST info | +| `show calendar` | Hardware clock time | +| `show running-config \| include ntp` | Display NTP configuration | +| `show running-config \| include clock` | Display time configuration | +| `show ntp authentication-keys` | List configured auth keys | +| `ntp update-calendar` | Sync hardware clock from system | +| `clock update-calendar` | Alternative calendar sync | +| `clock set HH:MM:SS DD Month YYYY` | Manually set system time | + +--- + +## IOS-XE Specific Features + +### NTP Broadcast + +The ESS 9300 running IOS-XE supports NTP broadcast mode: + +```cisco +! Server sends periodic broadcasts +interface GigabitEthernet1/1 + ntp broadcast + exit + +! Client receives broadcasts +interface GigabitEthernet1/2 + ntp broadcast client + exit +``` + +### NTP Multicast + +```cisco +! Server sends to multicast group +interface GigabitEthernet1/1 + ntp multicast 224.0.1.1 + exit + +! Client receives multicast +interface GigabitEthernet1/2 + ntp multicast client 224.0.1.1 + exit +``` + +### IPv6 NTP Support + +```cisco +configure terminal + +! IPv6 NTP server +ntp server 2001:db8::10 prefer + +! 
IPv6 source interface +ntp source Vlan100 + +end +write memory +``` + +--- + +## Appendix: Public NTP Servers + +### NIST (US Government) +- `129.6.15.28` - NIST, Gaithersburg, Maryland +- `129.6.15.29` - NIST, Gaithersburg, Maryland +- `132.163.96.1` - NIST, Boulder, Colorado +- `132.163.96.2` - NIST, Boulder, Colorado + +### US Naval Observatory +- `192.5.41.40` - tick.usno.navy.mil +- `192.5.41.41` - tock.usno.navy.mil + +### NTP Pool Project +- `0.pool.ntp.org` +- `1.pool.ntp.org` +- `2.pool.ntp.org` +- `3.pool.ntp.org` + +### Regional Pools +- `0.north-america.pool.ntp.org` +- `0.us.pool.ntp.org` + +**Note:** For production industrial use, deploy internal GPS-synchronized NTP servers rather than having all devices query public servers directly. This improves reliability, reduces external dependencies, and provides better time accuracy. + +--- + +## Integration with Industrial Protocols + +### PTP (Precision Time Protocol) Coexistence + +The ESS 9300 supports both NTP and PTP (IEEE 1588). Best practices: + +- Use **PTP for sub-microsecond precision** (automation, motion control) +- Use **NTP for general timekeeping** (logging, AAA, management) +- Keep NTP and PTP on separate VLANs if possible +- Use NTP for non-critical devices +- Reserve PTP for time-critical industrial applications + +### Synchronization with PLCs and SCADA + +```cisco +! Configure NTP to serve time to industrial devices +configure terminal + +ntp master 3 +ntp source GigabitEthernet1/1 + +! 
Allow SCADA network to query time +ntp access-group serve 20 +access-list 20 permit 10.50.0.0 0.0.255.255 + +end +write memory +``` + +--- + +## Differences from Nexus NX-OS + +Key differences when coming from Nexus switches: + +| Feature | Nexus (NX-OS) | ESS 9300 (IOS-XE) | +|---------|---------------|-------------------| +| VRF syntax | `use-vrf management` | Not required (use `source` instead) | +| Feature enable | `feature ntp` | Not required (built-in) | +| Calendar sync | N/A | `ntp update-calendar` | +| Save config | `copy run start` | `write memory` or `copy run start` | +| Auth key type | MD5 with type 7 | MD5 (auto-encrypted) | +| Interface naming | `mgmt0` | `GigabitEthernet0/0` | + +--- + +## Document Information + +**Target Platform:** Cisco Catalyst ESS 9300 (IE-9300) +**Operating System:** IOS-XE +**IOS-XE Versions:** 17.x +**Last Updated:** March 2026 +**Document Purpose:** Configuration reference and troubleshooting guide for industrial Ethernet environments + +For Cisco IOS-XE command reference, consult the official Cisco documentation for your specific software version. \ No newline at end of file diff --git a/Work/Cisco/Nexus_NTP.md b/Work/Cisco/Nexus_NTP.md new file mode 100644 index 0000000..67c8af9 --- /dev/null +++ b/Work/Cisco/Nexus_NTP.md 
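Review bot: In `Work/Cisco/NTP_ESS9300.md`, the "Synchronization with PLCs and SCADA" block sets `ntp master 3` with no `ntp server` line, so as written the switch would serve its own free-running clock to `10.50.0.0/16` at stratum 3. That contradicts the guide's earlier advice to use stratum 8-15 for internal masters, and only when external servers are unavailable. I would change that line to `ntp master 10` and put the authenticated upstream from Example 2 (`ntp server 10.100.1.10 prefer key 10`) ahead of it. Example 3 has the matching gap: its public fallback servers carry no `key` and the example has no `ntp access-group`, although Best Practices says to always authenticate, so it needs a comment such as `! Fallback servers are unauthenticated; limit them with ntp access-group peer`. Two smaller caveats belong in the text: `snmp-server host 10.1.1.100 version 2c YourCommunity` sends the community string in cleartext (an SNMPv3 `priv` user is the safer form), and the "temporarily disable authentication" step should say the switch does not verify its time sources while `no ntp authenticate` is in effect, so authentication must be re-enabled and sync re-checked before the session is closed.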
@@ -0,0 +1,518 @@
+---
+title: NTP Deep dive on the Nexus
+description: Config and troubleshoot
+published: true
+date: 2026-03-31T20:46:08.474Z
+tags:
+editor: markdown
+dateCreated: 2026-03-31T20:45:58.287Z
+---
+
+# Cisco Nexus 93180 NTP Configuration and Troubleshooting Guide
+
+## Overview
+
+This guide provides complete NTP (Network Time Protocol) configuration steps and troubleshooting procedures for the Cisco Nexus 93180 switch running NX-OS. Accurate time synchronization is critical for logging, AAA, certificates, and distributed system correlation.
+
+---
+
+## NTP Configuration
+
+### Basic NTP Server Configuration
+
+ configure terminal
+
+ ! Enable NTP feature (if not already enabled)
+ feature ntp
+
+ ! Configure NTP servers (use multiple servers for redundancy)
+ ntp server 10.1.1.10 prefer use-vrf management
+ ntp server 10.1.1.11 use-vrf management
+ ntp server 192.0.2.1 use-vrf default
+
+ ! Configure NTP source interface (optional but recommended)
+ ntp source-interface mgmt0
+
+ ! Set timezone (adjust to your location)
+ clock timezone EST -5 0
+
+ ! Configure daylight saving time (if applicable)
+ clock summer-time EDT 2 Sunday March 02:00 1 Sunday November 02:00 60
+
+ ! Save configuration
+ copy running-config startup-config
+
+### NTP Authentication (Recommended for Production)
+
+ configure terminal
+
+ ! Enable NTP authentication
+ ntp authenticate
+
+ ! Create authentication keys
+ ntp authentication-key 1 md5 YourSecureKey123 7
+ ntp authentication-key 2 md5 AnotherSecureKey456 7
+
+ ! Specify trusted keys
+ ntp trusted-key 1
+ ntp trusted-key 2
+
+ ! Apply authentication to NTP servers
+ ntp server 10.1.1.10 prefer use-vrf management key 1
+ ntp server 10.1.1.11 use-vrf management key 2
+
+ copy running-config startup-config
+
+### NTP Access Control (Security Best Practice)
+
+ configure terminal
+
+ ! Define access control for NTP
+ ! peer: Allow sync and queries
+ ! serve: Respond to queries only
+ ! 
serve-only: Respond to queries but don't sync
+ ! query-only: Allow queries only
+
+ ntp access-group peer PeerACL
+ ntp access-group serve ServeACL
+ ntp access-group query-only QueryACL
+
+ ! Create ACLs
+ ip access-list NTP-Peers
+ 10 permit ip 10.1.1.0/24 any
+ 20 deny ip any any
+
+ ip access-list NTP-Serve
+ 10 permit ip 10.0.0.0/8 any
+ 20 deny ip any any
+
+ copy running-config startup-config
+
+### NTP Master Configuration (Switch as Time Source)
+
+ configure terminal
+
+ ! Configure switch as NTP master (stratum level)
+ ! Only use if external NTP servers are unavailable
+ ntp master 8
+
+ ! This makes the switch authoritative at stratum 8
+ ! Lower stratum = higher priority (1 is highest)
+
+ copy running-config startup-config
+
+### Logging NTP Events
+
+ configure terminal
+
+ ! Enable logging for NTP
+ ntp logging
+
+ ! Adjust logging level if needed
+ logging level ntp 6
+
+ copy running-config startup-config
+
+---
+
+## Verification Commands
+
+### Check NTP Status
+
+ ! Show NTP status summary
+ show ntp status
+
+ ! Expected output when synchronized:
+ ! Clock is synchronized, stratum 3, reference is 10.1.1.10
+ ! nominal freq is 250.0000 Hz, actual freq is 250.0010 Hz, precision is 2**18
+ ! reference time is E8C9A234.1F2E3D4C (10:15:48.121 EST Mon Jan 15 2024)
+ ! clock offset is -0.0023 msec, root delay is 12.34 msec
+ ! root dispersion is 45.67 msec, peer dispersion is 1.23 msec
+
+### Check NTP Peers
+
+ ! Show all NTP peers and their status
+ show ntp peers
+
+ ! Column descriptions:
+ ! * = synchronized, + = candidate, # = selected
+ ! remote: NTP server address
+ ! ref clock: reference source of the server
+ ! st: stratum level
+ ! when: last packet received (seconds)
+ ! poll: polling interval
+ ! reach: reachability (377 = all 8 attempts successful)
+ ! delay: round-trip delay (ms)
+ ! offset: time difference (ms)
+ ! jitter: dispersion (ms)
+
+### Check NTP Statistics
+
+ ! Show detailed peer statistics
+ show ntp peer-status
+
+ ! 
Show specific peer details
+ show ntp peer 10.1.1.10
+
+### Check NTP Authentication
+
+ ! Verify authentication keys
+ show ntp authentication-keys
+
+ ! Check authentication status
+ show ntp authentication-status
+
+### Check Time Configuration
+
+ ! Display current clock settings
+ show clock detail
+
+ ! Show timezone configuration
+ show running-config | include clock
+
+---
+
+## Common Configuration Examples
+
+### Example 1: Enterprise Configuration with Multiple Servers
+
+ configure terminal
+
+ feature ntp
+
+ ! Use company NTP servers in management VRF
+ ntp server 10.10.1.10 prefer use-vrf management
+ ntp server 10.10.1.11 use-vrf management
+ ntp server 10.10.1.12 use-vrf management
+
+ ! Use public NTP as backup in default VRF
+ ntp server 129.6.15.28 use-vrf default
+ ntp server 132.163.96.1 use-vrf default
+
+ ntp source-interface mgmt0
+
+ clock timezone EST -5 0
+ clock summer-time EDT 2 Sunday March 02:00 1 Sunday November 02:00 60
+
+ ntp logging
+
+ copy running-config startup-config
+
+### Example 2: Secure Configuration with Authentication
+
+ configure terminal
+
+ feature ntp
+
+ ntp authenticate
+ ntp authentication-key 10 md5 Pr0d_NTP_K3y_2024 7
+ ntp trusted-key 10
+
+ ntp server 10.10.1.10 prefer use-vrf management key 10
+ ntp server 10.10.1.11 use-vrf management key 10
+
+ ntp access-group peer NTP-PEERS
+
+ ip access-list NTP-PEERS
+ 10 permit ip 10.10.1.0/24 any
+ 20 deny ip any any log
+
+ ntp source-interface mgmt0
+ ntp logging
+
+ clock timezone EST -5 0
+ clock summer-time EDT 2 Sunday March 02:00 1 Sunday November 02:00 60
+
+ copy running-config startup-config
+
+---
+
+## Troubleshooting Guide
+
+### Issue: NTP Not Synchronizing
+
+**Symptoms:**
+- `show ntp status` shows "Clock is unsynchronized"
+- No asterisk (*) appears in `show ntp peers`
+
+**Troubleshooting Steps:**
+
+1. **Verify NTP feature is enabled:**
+
+ show feature | include ntp
+ ! If disabled:
+ configure terminal
+ feature ntp
+
+2. 
**Check network connectivity to NTP servers:**
+
+ ping 10.1.1.10 vrf management
+ traceroute 10.1.1.10 vrf management
+
+3. **Verify NTP packets are being exchanged:**
+
+ show ntp peer-status
+ ! Check 'reach' column - should be 377 (binary 11111111)
+ ! Check 'when' column - should be recent (< poll interval)
+
+4. **Check for authentication mismatches:**
+
+ show ntp authentication-status
+ ! Verify keys match between switch and server
+
+5. **Verify correct VRF is configured:**
+
+ show running-config | include "ntp server"
+ ! Ensure use-vrf matches your management connectivity
+
+6. **Check firewall/ACL blocking UDP port 123:**
+
+ ! NTP uses UDP port 123
+ show ip access-lists
+
+7. **Verify time offset isn't too large:**
+
+ ! If offset > 1000 seconds, NTP may refuse to sync
+ ! Manually set clock closer to correct time:
+ clock set 14:30:00 15 January 2024
+
+### Issue: High Offset or Jitter
+
+**Symptoms:**
+- Time drifts significantly
+- High offset values in `show ntp peers`
+
+**Troubleshooting Steps:**
+
+1. **Check network latency:**
+
+ ping 10.1.1.10 vrf management repeat 100
+ ! Look for packet loss and high/variable latency
+
+2. **Verify stratum levels:**
+ ```cisco
+ show ntp peers
+ ! Stratum should be < 10 for reliable servers
+ ! Lower stratum = more accurate
+ ```
+
+3. **Increase number of NTP servers:**
+ ```cisco
+ ! Use at least 3 servers for best accuracy
+ ! NTP uses voting algorithm with multiple sources
+ ```
+
+4. **Check for upstream NTP issues:**
+ ```cisco
+ show ntp peer-status
+ ! Verify your NTP servers are synchronized
+ ```
+
+### Issue: Authentication Failures
+
+**Symptoms:**
+- Peers show as unreachable despite network connectivity
+- Authentication errors in logs
+
+**Troubleshooting Steps:**
+
+1. **Verify authentication is configured on both ends:**
+ ```cisco
+ show ntp authentication-status
+ ```
+
+2. **Check key ID and values match:**
+ ```cisco
+ show ntp authentication-keys
+ ! 
Key number and MD5 hash must match server
+ ```
+
+3. **Verify trusted keys are configured:**
+ ```cisco
+ show running-config | include "ntp trusted-key"
+ ```
+
+4. **Temporarily disable authentication to test:**
+ ```cisco
+ configure terminal
+ no ntp authenticate
+ ! Test connectivity
+ ! Re-enable after testing:
+ ntp authenticate
+ ```
+
+### Issue: NTP Working but Time Still Wrong
+
+**Symptoms:**
+- `show ntp status` shows synchronized
+- Clock shows incorrect time
+
+**Troubleshooting Steps:**
+
+1. **Verify timezone configuration:**
+ ```cisco
+ show running-config | include clock
+ ! Ensure timezone matches your location
+ ```
+
+2. **Check daylight saving time settings:**
+ ```cisco
+ show clock detail
+ ! Verify DST is configured if applicable
+ ```
+
+3. **Confirm NTP server time is correct:**
+ ```cisco
+ show ntp peers
+ ! Check offset - should be small (< 100ms typically)
+ ```
+
+### Issue: Cannot Add NTP Server
+
+**Symptoms:**
+- Configuration commands rejected
+- "Invalid VRF" error
+
+**Troubleshooting Steps:**
+
+1. **Verify VRF exists:**
+ ```cisco
+ show vrf
+ ! Common VRFs: management, default
+ ```
+
+2. **Check if management interface is configured:**
+ ```cisco
+ show running-config interface mgmt0
+ ! Ensure IP address and VRF are configured
+ ```
+
+3. 
**Verify source interface exists:**
+ ```cisco
+ show interface mgmt0 brief
+ ```
+
+---
+
+## Best Practices
+
+### Redundancy
+- Configure at least **3 NTP servers** for optimal accuracy and redundancy
+- Use diverse network paths to NTP servers when possible
+- Consider using both internal and external NTP sources
+
+### Security
+- **Always use NTP authentication** in production environments
+- Implement access control lists to limit NTP queries
+- Use `use-vrf management` to isolate NTP traffic
+- Monitor NTP logs for unusual activity
+
+### Performance
+- Use `prefer` keyword on the most reliable/accurate server
+- Choose NTP servers with low stratum (2-4 is ideal)
+- Select geographically close servers to minimize latency
+- Avoid using stratum 1 servers directly (use stratum 2)
+
+### Maintenance
+- Regularly verify NTP synchronization status
+- Monitor offset and jitter values
+- Update authentication keys periodically
+- Document your NTP server hierarchy
+
+### Time Initialization
+- When first configuring, manually set clock to within 1000 seconds of actual time
+- NTP will refuse to sync if offset is too large initially
+- Use `clock set` command before enabling NTP on new switches
+
+---
+
+## Monitoring and Logging
+
+### Regular Health Checks
+
+```cisco
+! Daily verification
+show ntp status | include "Clock is"
+show ntp peers | include "\*"
+
+! Weekly detailed check
+show ntp peer-status
+show clock detail
+```
+
+### Enable SNMP Monitoring
+
+```cisco
+configure terminal
+
+! Enable SNMP for NTP monitoring
+snmp-server enable traps ntp
+
+! Configure SNMP trap receiver
+snmp-server host 10.1.1.100 traps version 2c YourCommunity
+
+copy running-config startup-config
+```
+
+### Syslog Monitoring
+
+```cisco
+configure terminal
+
+! Ensure NTP logging is enabled
+ntp logging
+
+! Configure syslog server
+logging server 10.1.1.50 6 use-vrf management
+
+! 
Set appropriate logging level
+logging level ntp 6
+
+copy running-config startup-config
+```
+
+---
+
+## Quick Reference Commands
+
+| Command | Purpose |
+|---------|---------|
+| `show ntp status` | Display synchronization status |
+| `show ntp peers` | List all NTP peers and sync status |
+| `show ntp peer-status` | Detailed peer statistics |
+| `show clock detail` | Current time and configuration |
+| `show feature \| include ntp` | Verify NTP feature enabled |
+| `show running-config \| include ntp` | Display NTP configuration |
+| `show ntp authentication-keys` | List configured auth keys |
+| `clear ntp statistics` | Reset NTP statistics |
+
+---
+
+## Appendix: Public NTP Servers
+
+### NIST (US Government)
+- `129.6.15.28` - NIST, Gaithersburg, Maryland
+- `132.163.96.1` - NIST, Boulder, Colorado
+
+### US Naval Observatory
+- `192.5.41.40` - tick.usno.navy.mil
+- `192.5.41.41` - tock.usno.navy.mil
+
+### NTP Pool Project
+- `0.pool.ntp.org`
+- `1.pool.ntp.org`
+- `2.pool.ntp.org`
+- `3.pool.ntp.org`
+
+**Note:** For production use, deploy internal NTP servers synchronized to external sources rather than having all infrastructure devices query public servers directly.
+
+---
+
+## Document Information
+
+**Target Platform:** Cisco Nexus 93180
+**NX-OS Versions:** 7.x, 9.x, 10.x
+**Last Updated:** March 2026
+**Document Purpose:** Configuration reference and troubleshooting guide
+
+For Cisco NX-OS command reference, consult the official Cisco documentation for your specific software version.
\ No newline at end of file
diff --git a/Work/Ducky/ess9300_upgrade.md b/Work/Ducky/ess9300_upgrade.md
index b28f4de..79c1ae4 100644
--- a/Work/Ducky/ess9300_upgrade.md
+++ b/Work/Ducky/ess9300_upgrade.md
@@ -2,7 +2,7 @@
 title: Voyager SW10GG Upgrade
 description: Cisco ESS 9300
 published: true
-date: 2026-03-19T15:24:35.613Z
+date: 2026-03-19T15:24:41.320Z
 tags:
 editor: markdown
 dateCreated: 2026-03-19T15:24:35.613Z
diff --git a/Work/Ducky/ess_3300.md b/Work/Ducky/ess_3300.md
index 10ed86d..868b0e4 100644
--- a/Work/Ducky/ess_3300.md
+++ b/Work/Ducky/ess_3300.md
@@ -2,7 +2,7 @@
 title: Voyager SW26G Upgrade
 description: Cisco ESS 3300 Upgrade
 published: true
-date: 2026-03-19T15:46:15.200Z
+date: 2026-03-19T15:46:20.810Z
 tags:
 editor: markdown
 dateCreated: 2026-03-19T15:46:15.200Z
diff --git a/Work/Nexus-upgrade.md b/Work/Nexus-upgrade.md
index 7f9ecc0..fe286d4 100644
--- a/Work/Nexus-upgrade.md
+++ b/Work/Nexus-upgrade.md
@@ -2,7 +2,7 @@
 title: Nexus Upgrade
 description:
 published: true
-date: 2026-02-19T20:37:32.957Z
+date: 2026-02-19T20:37:41.384Z
 tags:
 editor: markdown
 dateCreated: 2026-02-19T20:37:32.957Z
diff --git a/Work/Nexus_1_Build.md b/Work/Nexus_1_Build.md
index 881ef2e..21bda12 100644
--- a/Work/Nexus_1_Build.md
+++ b/Work/Nexus_1_Build.md
@@ -2,7 +2,7 @@
 title: C9300GX-1 Build
 description:
 published: true
-date: 2026-02-19T20:46:00.149Z
+date: 2026-02-19T20:47:10.482Z
 tags:
 editor: markdown
 dateCreated: 2026-02-19T20:45:10.926Z
diff --git a/home.md b/home.md
index 8a7cc96..b342291 100644
--- a/home.md
+++ b/home.md
@@ -2,7 +2,7 @@
 title: Netgrimoire
 description:
 published: true
-date: 2026-02-25T21:48:20.699Z
+date: 2026-02-25T21:48:26.231Z
 tags:
 editor: markdown
 dateCreated: 2026-01-21T13:19:48.685Z
diff --git a/netgrimoire_gremlin.png b/netgrimoire_gremlin.png
new file mode 100644
index 0000000..7497ce8
Binary files /dev/null and b/netgrimoire_gremlin.png differ