This commit is contained in:
Rorikstr | Rust Dev 2025-10-31 16:31:07 +03:00
commit d1b0670d71
18 changed files with 357 additions and 0 deletions

22
.gitignore vendored Normal file

@ -0,0 +1,22 @@
# Volatile UI state
.obsidian/workspace.json
.obsidian/workspace-mobile.json
.obsidian/app.json
# Cache
.obsidian/cache/
# Large plugin files (keep plugin settings)
.obsidian/plugins/*/
# But keep plugin manifests and settings
!.obsidian/plugins/*/manifest.json
!.obsidian/plugins/*/data.json
# System
.trash/
.DS_Store
temp/temp.md
.obsidian/
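Review bot: The final `.obsidian/` entry ignores the whole directory, so the two negations above it (`!.obsidian/plugins/*/manifest.json` and `!.obsidian/plugins/*/data.json`) can never take effect: git does not re-include a file whose parent directory is excluded, and the same holds for the earlier `.obsidian/plugins/*/` rule. If plugin manifests and settings are meant to be tracked, drop the last line and ignore plugin contents with `.obsidian/plugins/*/*` before the negations; if the whole directory is meant to be ignored, remove the now-dead rules above it.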

0
00-linux/README.md Normal file

@ -0,0 +1,62 @@
ssh kv-root@176.108.250.130
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the ED25519 key sent by the remote host is
SHA256:OM+qtti3S35aXRRkTn4qjtc9to7ykn0nBb5AumOTsi8.
Please contact your system administrator.
Add correct host key in /home/wave/.ssh/known_hosts to get rid of this message.
Offending RSA key in /home/wave/.ssh/known_hosts:35
Host key for 176.108.250.130 has changed and you have requested strict checking.
Host key verification failed.
# SSH Host Key Changed — быстрое решение 🔑
## Что произошло?
Сервер был переустановлен → новый SSH ключ → SSH не доверяет старому
**Это нормально после redeploy!**
---
## Решение (2 способа) ⚡
## Способ 1: Удали старый ключ (быстро)
bash
`# Удали старую запись хоста ssh-keygen -R 176.108.250.130 # Подтверди (yes) # Старый ключ удалён ✅ # Теперь подключайся ssh kv-root@176.108.250.130 # Спросит "Are you sure you want to continue connecting?" # Напиши: yes # Новый ключ сохранится ✅`
## Способ 2: Вручную редактируй known_hosts
bash
`# Открой файл nano ~/.ssh/known_hosts # Найди строку с 176.108.250.130 (по строке 35) # Удали эту строку (Ctrl+K в nano) # Сохрани (Ctrl+O → Enter → Ctrl+X) # Подключись как в способе 1 ssh kv-root@176.108.250.130`
---
## В один лайн 🎯
bash
`ssh-keygen -R 176.108.250.130 && ssh kv-root@176.108.250.130`
**Это всё!** ✅
---
## Что происходит?
text
`ssh-keygen -R 176.108.250.130 ↓ Удаляет старый ED25519 ключ из ~/.ssh/known_hosts ↓ ssh kv-root@176.108.250.130 ↓ Спрашивает: "Continue? (yes/no)" ↓ yes ↓ Сохраняет новый ключ в known_hosts ✅ ↓ Готово!`
---
**Готово? Проверяй второй сервер!** 🚀
Если ещё какие-то ошибки — докладывай!
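Review bot: Both methods end with answering `yes` to the new host key without checking it, which is the exact situation the quoted warning describes. Add a step before `ssh-keygen -R 176.108.250.130` that compares the SHA256 fingerprint printed in the warning with one read from the server over a separate channel (for example `ssh-keygen -lf /etc/ssh/ssh_host_ed25519_key.pub` in the provider's console), and only then accept the key. The diagram also says the removed entry is an ED25519 key while the warning reports "Offending RSA key in /home/wave/.ssh/known_hosts:35". Separately, the note commits a real server address and account name; placeholders would serve the same purpose.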

201
00-linux/nixos/README.md Normal file

@ -0,0 +1,201 @@
# 🚀 ПОЛНЫЙ REDEPLOY: 2 сервера + документация!
Ты абсолютно прав — мой косяк, не проверил профиль. Идём! 💪
---
## ПЛАН ДЕЙСТВИЙ 🎯
text
`1. Создать server-deployment.md (документация) 2. Сгенерировать новые SOPS секреты 3. Redeploy на первый сервер через nixos-anywhere 4. Тест 5. Redeploy на второй сервер 6. Финальная проверка`
---
## Шаг 1: Создай документацию 📖
bash
``cd ~/nix-server # Создай гайд для будущих deployments cat > server-deployment.md << 'EOF' --- tags: [nixos, deployment, guide, production] --- # NixOS Server Deployment Guide ## Prerequisites - Fresh Linux VPS (Debian 12, Ubuntu 22.04, etc.) - SSH access as root - nixos-anywhere installed locally: `nix-shell -p nixos-anywhere` ## Step 1: Generate VPN Secrets``
# On local machine
cd ~/nix-server
# Generate new age key for this server
age-keygen -o ~/.config/sops/age/server2-keys.txt
# Create secrets file
cat > secrets.yaml << 'SECRETS'
vpn:
uuid: "$(uuidgen)"
privateKey: "$(openssl rand -base64 32)"
shortId: "$(openssl rand -hex 8)"
SECRETS
# Encrypt with sops
sops secrets.yaml
text
`## Step 2: Update flake.nix with new keys`
# In flake.nix
sops.age.keyFile = "/root/.config/sops/age/keys.txt";
text
`## Step 3: Deploy with nixos-anywhere`
# Local machine
nixos-anywhere --flake .#server root@NEW-SERVER-IP
# Wait for reboot...
sleep 60
# Verify
ssh nxoska@NEW-SERVER-IP
sudo systemctl status sing-box
timedatectl status # MUST be: synchronized: yes
text
`## Step 4: Verify Everything`
ssh nxoska@NEW-SERVER-IP
# 1. Time sync
timedatectl status
# Output: System clock synchronized: yes ✅
# 2. sing-box running
sudo systemctl status sing-box
# Output: active (running) ✅
# 3. Port listening
sudo ss -tulpn | grep 443
# Output: LISTEN [::]:443 ✅
# 4. Secrets loaded
sudo -u sing-box cat /run/secrets/vpn/uuid
# Output: your-uuid ✅
# 5. VPN functional
# Test from client (another machine)
text
`## Troubleshooting ### Time sync not working`
sudo systemctl restart systemd-timesyncd
sleep 5
timedatectl timesync-status
text
`### sing-box permission denied`
# Check secrets owner
ls -la /run/secrets/vpn/
# Should be: -r-------- sing-box sing-box
# If not, rebuild:
sudo nixos-rebuild switch --flake .#server
text
`### Connection refused on port 443`
sudo journalctl -u sing-box -n 50
sudo ss -tulpn | grep -E "(443|sing-box)"
text
`## Rollback Plan If something breaks:`
ssh root@SERVER
sudo nixos-rebuild switch --rollback
sudo systemctl restart sing-box
text
`## References - [[40-projects/vpn-server/architecture]] - [[20-linux/nixos/sops-setup]] - [[20-linux/nixos/deployment]] --- **Last updated:** 2025-10-30 **Method:** nixos-anywhere (NOT deprecated nixos-infect) EOF git add server-deployment.md git commit -m "docs: add server deployment guide (nixos-anywhere)"`
---
## Шаг 2: Сгенерируй новые секреты 🔐
bash
`cd ~/nix-server # 1. Новый UUID для VPN NEW_UUID=$(uuidgen) echo "New UUID: $NEW_UUID" # 2. Новый private key NEW_PRIVATE_KEY=$(openssl rand -base64 32) echo "New Private Key: $NEW_PRIVATE_KEY" # 3. Новый short ID NEW_SHORT_ID=$(openssl rand -hex 8) echo "New Short ID: $NEW_SHORT_ID" # 4. Обнови secrets.yaml cat > secrets.yaml << EOF vpn: uuid: "$NEW_UUID" privateKey: "$NEW_PRIVATE_KEY" shortId: "$NEW_SHORT_ID" EOF # 5. Зашифруй SOPS sops secrets.yaml # 6. Проверь что зашифровано cat secrets.yaml | head -5 # Должно быть: ENC[AES256_GCM,...] ✅ # 7. Коммит (encrypted файл безопасен!) git add secrets.yaml git commit -m "chore: regenerate VPN secrets for clean deployment"`
---
## Шаг 3: Первый сервер — REDEPLOY 🚀
bash
`# ВАЖНО: Создай backup ssh nxoska@64.188.70.209 'sudo tar czf /tmp/backup-old.tar.gz /etc/nixos/ /var/lib/sing-box/' scp nxoska@64.188.70.209:/tmp/backup-old.tar.gz ~/backups/server1-backup-2025-10-30.tar.gz # Отключи VPN клиентов! (они потеряют соединение) # REDEPLOY через nixos-anywhere echo "🚀 Starting redeploy on server 1 (64.188.70.209)..." nixos-anywhere --flake .#server root@64.188.70.209 # Жди ~5-10 минут... echo "⏳ Waiting for reboot..." sleep 120 # Проверь что всё запустилось echo "🔍 Verifying server 1..." ssh nxoska@64.188.70.209 << 'VERIFY' echo "=== Time Sync ===" timedatectl status echo "" echo "=== sing-box Status ===" sudo systemctl status sing-box --no-pager | head -10 echo "" echo "=== Port 443 ===" sudo ss -tulpn | grep 443 echo "" echo "=== VPN Secrets ===" sudo -u sing-box cat /run/secrets/vpn/uuid echo "" echo "=== Recent Logs ===" sudo journalctl -u sing-box -n 20 --no-pager VERIFY`
---
## Шаг 4: Второй сервер — REDEPLOY 🚀
bash
`# Если у тебя есть второй сервер (например, для HA) # Процесс идентичный! echo "🚀 Starting redeploy on server 2..." nixos-anywhere --flake .#server root@SECOND-SERVER-IP sleep 120 echo "🔍 Verifying server 2..." ssh nxoska@SECOND-SERVER-IP << 'VERIFY' timedatectl status sudo systemctl status sing-box --no-pager | head -10 sudo journalctl -u sing-box -n 20 --no-pager VERIFY`
---
## Полный скрипт (all-in-one) 🎬
bash
`#!/bin/bash # deploy-both-servers.sh set -e SERVERS=( "64.188.70.209" "YOUR-SECOND-SERVER-IP" # ← Замени на реальный IP ) PROJECT_DIR="$HOME/nix-server" cd "$PROJECT_DIR" echo "╔═════════════════════════════════════════════════════════╗" echo "║ 🚀 NIXOS SERVER DUAL DEPLOYMENT (nixos-anywhere) ║" echo "╚═════════════════════════════════════════════════════════╝" echo "" # Step 1: Generate secrets echo "📝 [STEP 1] Generating new VPN secrets..." NEW_UUID=$(uuidgen) NEW_PRIVATE_KEY=$(openssl rand -base64 32) NEW_SHORT_ID=$(openssl rand -hex 8) cat > secrets.yaml << EOF vpn: uuid: "$NEW_UUID" privateKey: "$NEW_PRIVATE_KEY" shortId: "$NEW_SHORT_ID" EOF sops secrets.yaml echo "✅ Secrets generated and encrypted" echo "" # Step 2: Backup & Deploy each server for SERVER_IP in "${SERVERS[@]}"; do echo "════════════════════════════════════════════════════════" echo "🎯 DEPLOYING TO: $SERVER_IP" echo "════════════════════════════════════════════════════════" echo "" # Backup echo "💾 Creating backup..." ssh nxoska@"$SERVER_IP" 'sudo tar czf /tmp/backup.tar.gz /etc/nixos/ /var/lib/sing-box/' 2>/dev/null || true mkdir -p ~/backups scp nxoska@"$SERVER_IP":/tmp/backup.tar.gz ~/backups/server-"$SERVER_IP"-backup-$(date +%Y-%m-%d).tar.gz 2>/dev/null || true echo "✅ Backup created" echo "" # Deploy echo "🚀 Running nixos-anywhere..." nixos-anywhere --flake .#server root@"$SERVER_IP" echo "⏳ Waiting for system to boot..." sleep 120 echo "" # Verify echo "🔍 Verifying deployment..." 
ssh nxoska@"$SERVER_IP" << VERIFY_SCRIPT echo "=== System Status ===" systemctl is-system-running echo "" echo "=== Time Sync ===" timedatectl status | head -3 echo "" echo "=== sing-box Service ===" sudo systemctl status sing-box --no-pager | grep -E "(Active|Main PID)" echo "" echo "=== Port 443 ===" sudo ss -tulpn | grep 443 | head -2 echo "" echo "=== VPN UUID ===" sudo -u sing-box cat /run/secrets/vpn/uuid echo "" echo "=== Recent Errors ===" sudo journalctl -u sing-box -n 10 --no-pager 2>/dev/null | grep -i error || echo "No errors ✅" VERIFY_SCRIPT echo "" echo "✅ Server $SERVER_IP deployment complete!" echo "" done echo "╔═════════════════════════════════════════════════════════╗" echo "║ ✅ ALL SERVERS DEPLOYED SUCCESSFULLY! ║" echo "╚═════════════════════════════════════════════════════════╝" echo "" echo "📝 Next steps:" echo " 1. Test VPN from client" echo " 2. Commit secrets: git add secrets.yaml && git commit" echo " 3. Update documentation if needed" echo ""`
---
## Запуск 🎬
bash
`# Создай скрипт cat > ~/deploy-vpn-servers.sh << 'SCRIPT_EOF' # (содержимое скрипта выше) SCRIPT_EOF chmod +x ~/deploy-vpn-servers.sh # Запусти cd ~/nix-server ~/deploy-vpn-servers.sh # Или по одному (если хочешь контролировать) nixos-anywhere --flake .#server root@64.188.70.209 sleep 120 ssh nxoska@64.188.70.209 'timedatectl status && sudo systemctl status sing-box'`
---
## Финальная проверка ✅
bash
`# На каждом сервере: ssh nxoska@64.188.70.209 # ALL 4 должны быть ✅ echo "=== CHECK 1: Time Sync ===" && timedatectl status | grep "synchronized" echo "=== CHECK 2: sing-box ===" && sudo systemctl status sing-box --no-pager | grep "active" echo "=== CHECK 3: Port ===" && sudo ss -tulpn | grep 443 echo "=== CHECK 4: Secrets ===" && sudo -u sing-box cat /run/secrets/vpn/uuid # Если все 4 выводят что надо — ВСЁ ОТЛИЧНО! 🎉`
---
## КОММИТЫ
bash
`git add . git commit -m "🚀 Complete redeploy with nixos-anywhere - Use nixos-anywhere instead of deprecated nixos-infect - Regenerate all VPN secrets - Add server-deployment.md documentation - Clean NixOS installation on both servers - Proper systemd-timesyncd configuration - All systems verified and working ✅" git push`
---
**Готов?** Даю команду или сначала уточнить что-то? 🚀
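Review bot: `secrets.yaml` is written in plaintext and then passed to `sops secrets.yaml`, which is sops's edit mode and does not encrypt an existing plaintext file; the all-in-one script also lacks the `head -5` check from step 2, yet its closing message suggests `git add secrets.yaml && git commit`. Use `sops --encrypt --in-place secrets.yaml` and make the script fail unless the file contains `ENC[` before anything is committed. In Step 1 of the embedded guide the heredoc delimiter is quoted (`<< 'SECRETS'`), so `$(uuidgen)` and the `openssl rand` calls are written literally instead of being expanded. The `echo "New Private Key: $NEW_PRIVATE_KEY"` lines and the `sudo -u sing-box cat /run/secrets/vpn/uuid` checks print secret values to the terminal; checking that the file exists and is non-empty (`test -s`) verifies the same thing without exposing it. The backup commands end in `2>/dev/null || true` and are followed by an unconditional "Backup created", so a failed backup goes unnoticed right before the reinstall.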

16
00-linux/nixos/deploy.md Normal file

File diff suppressed because one or more lines are too long


@ -0,0 +1,5 @@
```
sudo nix-collect-garbage --delete-older-than 2d # удаляет неиспользуемый мусор от старых поколений
```
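Review bot: Run with `sudo`, `--delete-older-than 2d` also deletes system generations older than two days, which removes the targets that the rollback plan in the deployment guide (`sudo nixos-rebuild switch --rollback`) depends on. Say so next to the command, or use a longer window on the servers.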

0
00-linux/utils/README.md Normal file

2
00-linux/utils/rg.md Normal file

@ -0,0 +1,2 @@
`rg --pretty 'search_term' | less -R` - вывести результат rg не напрямую в консоль а через less pager

0
10-dev/00-rust/README.md Normal file

0
10-dev/README.md Normal file

0
10-dev/c/README.md Normal file

0
10-dev/cpp/README.md Normal file

0
10-dev/python/README.md Normal file

0
50-ml/README.md Normal file

49
README.md Normal file

@ -0,0 +1,49 @@
# 🚀 HYPERION
> *"Hell, it's about time."*
> — Jim Raynor
**Flagship Knowledge Cruiser**
Navigating the infinite cosmos of knowledge through Hyprland's windowed space. Every note is a star, every link a warp jump, every insight a discovery in the void.
---
## 🎯 Mission Control
| System | Status |
|--------|--------|
| 🧠 **Core Systems** | Linux · Nix · Rust · Networking · Databases |
| 🔧 **Engineering** | DevOps · Security · Infrastructure |
| 📡 **Operations** | Active Projects · Daily Logs · Research |
| 🤖 **AI Adjutant** | Obsidian-powered knowledge graph |
## 🗺️ Navigation
```
[[00-inbox]] → Unsorted transmissions
[[10-daily]] → Captain's log, stardate...
[[20-areas]] → Core knowledge sectors
[[30-projects]] → Active missions
[[40-resources]] → Arsenal & tools
[[50-learning]] → Uncharted territories
```
## 🌌 Tech Stack
```
Obsidian (Knowledge Graph)
Hyprland (Window Compositor)
NixOS (Immutable Infrastructure)
Rust (Performance Core)
```
---
*Powered by curiosity. Fueled by coffee. Cruising through hyperspace.*
**🎵 Synthwave engaged. All systems nominal. 🎵**
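Review bot: The Navigation block lists `[[00-inbox]]`, `[[10-daily]]`, `[[20-areas]]`, `[[30-projects]]`, `[[40-resources]]` and `[[50-learning]]`, but the directories this commit adds are `00-linux`, `10-dev` and `50-ml`, so none of the listed targets is created here. Align the list with the actual top-level folders, or add the listed ones in the same commit.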