daily

2025-10-31 16:31:07 +03:00 · 2025-10-31 16:31:07 +03:00 · d1b0670d71
commit d1b0670d71
18 changed files with 357 additions and 0 deletions
--- a/.gitignore
+++ b/.gitignore
@ -0,0 +1,22 @@
+# Volatile UI state
+.obsidian/workspace.json
+.obsidian/workspace-mobile.json
+.obsidian/app.json
+
+# Cache
+.obsidian/cache/
+
+# Large plugin files (keep plugin settings)
+.obsidian/plugins/*/
+
+# But keep plugin manifests and settings
+!.obsidian/plugins/*/manifest.json
+!.obsidian/plugins/*/data.json
+
+# System
+.trash/
+.DS_Store
+
+temp/temp.md
+
+.obsidian/
--- a/00-linux/README.md
+++ b/00-linux/README.md
--- a/00-linux/devops/README.md
+++ b/00-linux/devops/README.md
--- a/00-linux/hyprland/README.md
+++ b/00-linux/hyprland/README.md
--- a/00-linux/networking/README.md
+++ b/00-linux/networking/README.md
--- a/00-linux/networking/troubleshooting.md
+++ b/00-linux/networking/troubleshooting.md
@ -0,0 +1,62 @@
+❯ ssh kv-root@176.108.250.130 
+@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
+@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
+@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
+IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
+Someone could be eavesdropping on you right now (man-in-the-middle attack)!
+It is also possible that a host key has just been changed.
+The fingerprint for the ED25519 key sent by the remote host is
+SHA256:OM+qtti3S35aXRRkTn4qjtc9to7ykn0nBb5AumOTsi8.
+Please contact your system administrator.
+Add correct host key in /home/wave/.ssh/known_hosts to get rid of this message.
+Offending RSA key in /home/wave/.ssh/known_hosts:35
+Host key for 176.108.250.130 has changed and you have requested strict checking.
+Host key verification failed.
+
+# SSH Host Key Changed — быстрое решение 🔑
+
+## Что произошло?
+
+Сервер был переустановлен → новый SSH ключ → SSH не доверяет старому
+
+**Это нормально после redeploy!**
+
+---
+
+## Решение (2 способа) ⚡
+
+## Способ 1: Удали старый ключ (быстро)
+
+bash
+
+`# Удали старую запись хоста ssh-keygen -R 176.108.250.130 # Подтверди (yes) # Старый ключ удалён ✅ # Теперь подключайся ssh kv-root@176.108.250.130 # Спросит "Are you sure you want to continue connecting?" # Напиши: yes # Новый ключ сохранится ✅`
+
+## Способ 2: Вручную редактируй known_hosts
+
+bash
+
+`# Открой файл nano ~/.ssh/known_hosts # Найди строку с 176.108.250.130 (по строке 35) # Удали эту строку (Ctrl+K в nano) # Сохрани (Ctrl+O → Enter → Ctrl+X) # Подключись как в способе 1 ssh kv-root@176.108.250.130`
+
+---
+
+## В один лайн 🎯
+
+bash
+
+`ssh-keygen -R 176.108.250.130 && ssh kv-root@176.108.250.130`
+
+**Это всё!** ✅
+
+---
+
+## Что происходит?
+
+text
+
+`ssh-keygen -R 176.108.250.130     ↓ Удаляет старый ED25519 ключ из ~/.ssh/known_hosts     ↓ ssh kv-root@176.108.250.130     ↓ Спрашивает: "Continue? (yes/no)"     ↓ yes     ↓ Сохраняет новый ключ в known_hosts ✅     ↓ Готово!`
+
+---
+
+**Готово? Проверяй второй сервер!** 🚀
+
+Если ещё какие-то ошибки — докладывай!
--- a/00-linux/nixos/README.md
+++ b/00-linux/nixos/README.md
@ -0,0 +1,201 @@
+# 🚀 ПОЛНЫЙ REDEPLOY: 2 сервера + документация!
+
+Ты абсолютно прав — мой косяк, не проверил профиль. Идём! 💪
+
+---
+
+## ПЛАН ДЕЙСТВИЙ 🎯
+
+text
+
+`1. Создать server-deployment.md (документация) 2. Сгенерировать новые SOPS секреты 3. Redeploy на первый сервер через nixos-anywhere 4. Тест 5. Redeploy на второй сервер 6. Финальная проверка`
+
+---
+
+## Шаг 1: Создай документацию 📖
+
+bash
+
+``cd ~/nix-server # Создай гайд для будущих deployments cat > server-deployment.md << 'EOF' --- tags: [nixos, deployment, guide, production] ---  # NixOS Server Deployment Guide ## Prerequisites - Fresh Linux VPS (Debian 12, Ubuntu 22.04, etc.) - SSH access as root - nixos-anywhere installed locally: `nix-shell -p nixos-anywhere` ## Step 1: Generate VPN Secrets``
+
+# On local machine
+
+cd ~/nix-server
+
+# Generate new age key for this server
+
+age-keygen -o ~/.config/sops/age/server2-keys.txt
+
+# Create secrets file
+
+cat > secrets.yaml << 'SECRETS'  
+vpn:  
+uuid: "$(uuidgen)"  
+privateKey: "$(openssl rand -base64 32)"  
+shortId: "$(openssl rand -hex 8)"  
+SECRETS
+
+# Encrypt with sops
+
+sops secrets.yaml
+
+text
+
+`## Step 2: Update flake.nix with new keys`
+
+# In flake.nix
+
+sops.age.keyFile = "/root/.config/sops/age/keys.txt";
+
+text
+
+`## Step 3: Deploy with nixos-anywhere`
+
+# Local machine
+
+nixos-anywhere --flake .#server root@NEW-SERVER-IP
+
+# Wait for reboot...
+
+sleep 60
+
+# Verify
+
+ssh nxoska@NEW-SERVER-IP  
+sudo systemctl status sing-box  
+timedatectl status # MUST be: synchronized: yes
+
+text
+
+`## Step 4: Verify Everything`
+
+ssh nxoska@NEW-SERVER-IP
+
+# 1. Time sync
+
+timedatectl status
+
+# Output: System clock synchronized: yes ✅
+
+# 2. sing-box running
+
+sudo systemctl status sing-box
+
+# Output: active (running) ✅
+
+# 3. Port listening
+
+sudo ss -tulpn | grep 443
+
+# Output: LISTEN [::]:443 ✅
+
+# 4. Secrets loaded
+
+sudo -u sing-box cat /run/secrets/vpn/uuid
+
+# Output: your-uuid ✅
+
+# 5. VPN functional
+
+# Test from client (another machine)
+
+text
+
+`## Troubleshooting ### Time sync not working`
+
+sudo systemctl restart systemd-timesyncd  
+sleep 5  
+timedatectl timesync-status
+
+text
+
+`### sing-box permission denied`
+
+# Check secrets owner
+
+ls -la /run/secrets/vpn/
+
+# Should be: -r-------- sing-box sing-box
+
+# If not, rebuild:
+
+sudo nixos-rebuild switch --flake .#server
+
+text
+
+`### Connection refused on port 443`
+
+sudo journalctl -u sing-box -n 50  
+sudo ss -tulpn | grep -E "(443|sing-box)"
+
+text
+
+`## Rollback Plan If something breaks:`
+
+ssh root@SERVER  
+sudo nixos-rebuild switch --rollback  
+sudo systemctl restart sing-box
+
+text
+
+`## References - [[40-projects/vpn-server/architecture]] - [[20-linux/nixos/sops-setup]] - [[20-linux/nixos/deployment]] --- **Last updated:** 2025-10-30 **Method:** nixos-anywhere (NOT deprecated nixos-infect) EOF git add server-deployment.md git commit -m "docs: add server deployment guide (nixos-anywhere)"`
+
+---
+
+## Шаг 2: Сгенерируй новые секреты 🔐
+
+bash
+
+`cd ~/nix-server # 1. Новый UUID для VPN NEW_UUID=$(uuidgen) echo "New UUID: $NEW_UUID" # 2. Новый private key NEW_PRIVATE_KEY=$(openssl rand -base64 32) echo "New Private Key: $NEW_PRIVATE_KEY" # 3. Новый short ID NEW_SHORT_ID=$(openssl rand -hex 8) echo "New Short ID: $NEW_SHORT_ID" # 4. Обнови secrets.yaml cat > secrets.yaml << EOF vpn:   uuid: "$NEW_UUID"   privateKey: "$NEW_PRIVATE_KEY"   shortId: "$NEW_SHORT_ID" EOF # 5. Зашифруй SOPS sops secrets.yaml  # 6. Проверь что зашифровано cat secrets.yaml | head -5 # Должно быть: ENC[AES256_GCM,...] ✅ # 7. Коммит (encrypted файл безопасен!) git add secrets.yaml git commit -m "chore: regenerate VPN secrets for clean deployment"`
+
+---
+
+## Шаг 3: Первый сервер — REDEPLOY 🚀
+
+bash
+
+`# ВАЖНО: Создай backup ssh nxoska@64.188.70.209 'sudo tar czf /tmp/backup-old.tar.gz /etc/nixos/ /var/lib/sing-box/' scp nxoska@64.188.70.209:/tmp/backup-old.tar.gz ~/backups/server1-backup-2025-10-30.tar.gz # Отключи VPN клиентов! (они потеряют соединение) # REDEPLOY через nixos-anywhere echo "🚀 Starting redeploy on server 1 (64.188.70.209)..." nixos-anywhere --flake .#server root@64.188.70.209 # Жди ~5-10 минут... echo "⏳ Waiting for reboot..." sleep 120 # Проверь что всё запустилось echo "🔍 Verifying server 1..." ssh nxoska@64.188.70.209 << 'VERIFY' echo "=== Time Sync ===" timedatectl status echo "" echo "=== sing-box Status ===" sudo systemctl status sing-box --no-pager | head -10 echo "" echo "=== Port 443 ===" sudo ss -tulpn | grep 443 echo "" echo "=== VPN Secrets ===" sudo -u sing-box cat /run/secrets/vpn/uuid echo "" echo "=== Recent Logs ===" sudo journalctl -u sing-box -n 20 --no-pager VERIFY`
+
+---
+
+## Шаг 4: Второй сервер — REDEPLOY 🚀
+
+bash
+
+`# Если у тебя есть второй сервер (например, для HA) # Процесс идентичный! echo "🚀 Starting redeploy on server 2..." nixos-anywhere --flake .#server root@SECOND-SERVER-IP sleep 120 echo "🔍 Verifying server 2..." ssh nxoska@SECOND-SERVER-IP << 'VERIFY' timedatectl status sudo systemctl status sing-box --no-pager | head -10 sudo journalctl -u sing-box -n 20 --no-pager VERIFY`
+
+---
+
+## Полный скрипт (all-in-one) 🎬
+
+bash
+
+`#!/bin/bash # deploy-both-servers.sh set -e SERVERS=(   "64.188.70.209"   "YOUR-SECOND-SERVER-IP"  # ← Замени на реальный IP ) PROJECT_DIR="$HOME/nix-server" cd "$PROJECT_DIR" echo "╔═════════════════════════════════════════════════════════╗" echo "║     🚀 NIXOS SERVER DUAL DEPLOYMENT (nixos-anywhere)   ║" echo "╚═════════════════════════════════════════════════════════╝" echo "" # Step 1: Generate secrets echo "📝 [STEP 1] Generating new VPN secrets..." NEW_UUID=$(uuidgen) NEW_PRIVATE_KEY=$(openssl rand -base64 32) NEW_SHORT_ID=$(openssl rand -hex 8) cat > secrets.yaml << EOF vpn:   uuid: "$NEW_UUID"   privateKey: "$NEW_PRIVATE_KEY"   shortId: "$NEW_SHORT_ID" EOF sops secrets.yaml echo "✅ Secrets generated and encrypted" echo "" # Step 2: Backup & Deploy each server for SERVER_IP in "${SERVERS[@]}"; do   echo "════════════════════════════════════════════════════════"   echo "🎯 DEPLOYING TO: $SERVER_IP"   echo "════════════════════════════════════════════════════════"   echo ""      # Backup   echo "💾 Creating backup..."   ssh nxoska@"$SERVER_IP" 'sudo tar czf /tmp/backup.tar.gz /etc/nixos/ /var/lib/sing-box/' 2>/dev/null || true   mkdir -p ~/backups  scp nxoska@"$SERVER_IP":/tmp/backup.tar.gz ~/backups/server-"$SERVER_IP"-backup-$(date +%Y-%m-%d).tar.gz 2>/dev/null || true   echo "✅ Backup created"   echo ""      # Deploy   echo "🚀 Running nixos-anywhere..."   nixos-anywhere --flake .#server root@"$SERVER_IP"      echo "⏳ Waiting for system to boot..."   sleep 120   echo ""      # Verify   echo "🔍 Verifying deployment..."   ssh nxoska@"$SERVER_IP" << VERIFY_SCRIPT echo "=== System Status ===" systemctl is-system-running echo "" echo "=== Time Sync ===" timedatectl status | head -3 echo "" echo "=== sing-box Service ===" sudo systemctl status sing-box --no-pager | grep -E "(Active|Main PID)" echo "" echo "=== Port 443 ===" sudo ss -tulpn | grep 443 | head -2 echo "" echo "=== VPN UUID ===" sudo -u sing-box cat /run/secrets/vpn/uuid echo "" echo "=== Recent Errors ===" sudo journalctl -u sing-box -n 10 --no-pager 2>/dev/null | grep -i error || echo "No errors ✅" VERIFY_SCRIPT      echo ""   echo "✅ Server $SERVER_IP deployment complete!"   echo "" done echo "╔═════════════════════════════════════════════════════════╗" echo "║          ✅ ALL SERVERS DEPLOYED SUCCESSFULLY!          ║" echo "╚═════════════════════════════════════════════════════════╝" echo "" echo "📝 Next steps:" echo "   1. Test VPN from client" echo "   2. Commit secrets: git add secrets.yaml && git commit" echo "   3. Update documentation if needed" echo ""`
+
+---
+
+## Запуск 🎬
+
+bash
+
+`# Создай скрипт cat > ~/deploy-vpn-servers.sh << 'SCRIPT_EOF' # (содержимое скрипта выше) SCRIPT_EOF chmod +x ~/deploy-vpn-servers.sh # Запусти cd ~/nix-server ~/deploy-vpn-servers.sh  # Или по одному (если хочешь контролировать) nixos-anywhere --flake .#server root@64.188.70.209 sleep 120 ssh nxoska@64.188.70.209 'timedatectl status && sudo systemctl status sing-box'`
+
+---
+
+## Финальная проверка ✅
+
+bash
+
+`# На каждом сервере: ssh nxoska@64.188.70.209 # ALL 4 должны быть ✅ echo "=== CHECK 1: Time Sync ===" && timedatectl status | grep "synchronized" echo "=== CHECK 2: sing-box ===" && sudo systemctl status sing-box --no-pager | grep "active" echo "=== CHECK 3: Port ===" && sudo ss -tulpn | grep 443 echo "=== CHECK 4: Secrets ===" && sudo -u sing-box cat /run/secrets/vpn/uuid # Если все 4 выводят что надо — ВСЁ ОТЛИЧНО! 🎉`
+
+---
+
+## КОММИТЫ
+
+bash
+
+`git add . git commit -m "🚀 Complete redeploy with nixos-anywhere - Use nixos-anywhere instead of deprecated nixos-infect - Regenerate all VPN secrets - Add server-deployment.md documentation - Clean NixOS installation on both servers - Proper systemd-timesyncd configuration - All systems verified and working ✅" git push`
+
+---
+
+**Готов?** Даю команду или сначала уточнить что-то? 🚀
--- a/00-linux/nixos/deploy.md
+++ b/00-linux/nixos/deploy.md
--- a/00-linux/nixos/useful
+++ b/00-linux/nixos/useful
@ -0,0 +1,5 @@
+```
+sudo nix-collect-garbage --delete-older-than 2d # удаляет неиспользуемый мусор от старых поколений
+
+
+```
--- a/00-linux/utils/README.md
+++ b/00-linux/utils/README.md
--- a/00-linux/utils/rg.md
+++ b/00-linux/utils/rg.md
@ -0,0 +1,2 @@
+`rg --pretty 'search_term' | less -R` - вывести результат rg не напрямую в консоль а через less pager
+
--- a/10-dev/00-rust/README.md
+++ b/10-dev/00-rust/README.md
--- a/10-dev/README.md
+++ b/10-dev/README.md
--- a/10-dev/c/README.md
+++ b/10-dev/c/README.md
--- a/10-dev/cpp/README.md
+++ b/10-dev/cpp/README.md
--- a/10-dev/python/README.md
+++ b/10-dev/python/README.md
--- a/50-ml/README.md
+++ b/50-ml/README.md
--- a/README.md
+++ b/README.md
@ -0,0 +1,49 @@
+
+# 🚀 HYPERION
+
+> *"Hell, it's about time."*  
+> — Jim Raynor
+
+**Flagship Knowledge Cruiser**
+
+Navigating the infinite cosmos of knowledge through Hyprland's windowed space. Every note is a star, every link a warp jump, every insight a discovery in the void.
+
+---
+
+## 🎯 Mission Control
+
+| System | Status |
+|--------|--------|
+| 🧠 **Core Systems** | Linux · Nix · Rust · Networking · Databases |
+| 🔧 **Engineering** | DevOps · Security · Infrastructure |
+| 📡 **Operations** | Active Projects · Daily Logs · Research |
+| 🤖 **AI Adjutant** | Obsidian-powered knowledge graph |
+
+## 🗺️ Navigation
+
+```
+[[00-inbox]]      → Unsorted transmissions
+[[10-daily]]      → Captain's log, stardate...
+[[20-areas]]      → Core knowledge sectors
+[[30-projects]]   → Active missions
+[[40-resources]]  → Arsenal & tools
+[[50-learning]]   → Uncharted territories
+```
+
+## 🌌 Tech Stack
+
+```
+Obsidian (Knowledge Graph)
+    ↓
+Hyprland (Window Compositor)
+    ↓
+NixOS (Immutable Infrastructure)
+    ↓
+Rust (Performance Core)
+```
+
+---
+
+*Powered by curiosity. Fueled by coffee. Cruising through hyperspace.*
+
+**🎵 Synthwave engaged. All systems nominal. 🎵**
				`@ -0,0 +1,2 @@`
				`rg --pretty 'search_term' \| less -R` - вывести результат rg не напрямую в консоль а через less pager