infra on 대충어쩌고저쩌고샬라샬라

개발환경

Sat, 20 Dec 2025 00:00:00 +0000

winmerge

Sat, 20 Dec 2025 00:00:00 +0000

License

상업적 이용 제한 없음

winmerge: GNU GPL v2 ¹
D2Coding: OFL ²

References

https://github.com/WinMerge/winmerge

winscp

Sat, 20 Dec 2025 00:00:00 +0000

License

상업적 이용 제한 없음

winscp: GNU GPL v3 ¹
D2Coding: OFL ²

References

https://winscp.net/eng/index.php

code-server

Sun, 14 Dec 2025 00:00:00 +0000

 graph LR
 subgraph gvp6nx1a
 A7[code-server] <-- http --> A13[nginx]
 end
 A13 <-- https --> B[client]

container 구성

.env

vi /opt/code-server/.env

PASSWORD=1***************************************************************

docker-compose.yml ¹

vi /opt/code-server/docker-compose.yml

services:
 code-server:
 image: lscr.io/linuxserver/code-server:4.16.1
 container_name: code-server
 networks:
 - dev
 ports:
 - 8443/tcp
 user: 0:0
 environment:
 - PUID=0
 - PGID=0
 - TZ=Asia/Seoul
 - PASSWORD=$PASSWORD
 - PROXY_DOMAIN=co.gvp6nx1a.duckdns.org
 - DEFAULT_WORKSPACE=/
 volumes:
 - /:/rootfs:rw
 - /opt/code-server/config:/config:rw
 - /opt/code-server/workbench/workbench.html:/usr/lib/code-server/lib/vscode/out/vs/code/browser/workbench/workbench.html:rw
 - /opt/code-server/font:/usr/lib/code-server/src/browser/pages/font:rw
 restart: unless-stopped
networks:
 dev:
 external: true

공통 구성

font D2Coding 구성

doublecmd

Sun, 14 Dec 2025 00:00:00 +0000

windows 구성

개요

Mdir 참조 확장자별 색상
기타 편의 구성
D2Coding 의존

다운로드

doublecmd-settings.zip
D2Coding-Ver1.3.2-20180524.zip

Filename	Remarks
sevenzip.ini	7z 플러그인
colors.json	모든 색상 설정
ignorelist.txt	파일/폴더 무시
doublecmd.xml	모든 주요 프로그램 설정
extassoc.xml	파일 확장자 연관 설정

gitbash로 설치

curl https://dntco43u.github.io/infra/doublecmd-settings.zip -o $USERPROFILE/Downloads/doublecmd-settings.zip && \
7z x -y -o"$APPDATA/doublecmd" $USERPROFILE/Downloads/doublecmd-settings.zip && \
rm $USERPROFILE/Downloads/doublecmd-settings.zip

License

상업적 이용 제한 없음

Double Commander: GNU GPL v2 ¹
D2Coding: OFL ²

References

https://github.com/doublecmd/doublecmd?tab=GPL-2.0-1-ov-file ↩︎

klogg

Sun, 14 Dec 2025 00:00:00 +0000

windows 구성

개요

레벨별 색상 구성

d{4}[\\/-]\\d{2}[\\/-]\\d{2}\\s\\d{2}:\\d{2}:\\d{2}.*TRACE|DEBUG
d{4}[\\/-]\\d{2}[\\/-]\\d{2}\\s\\d{2}:\\d{2}:\\d{2}.*INFO|NOTICE
d{4}[\\/-]\\d{2}[\\/-]\\d{2}\\s\\d{2}:\\d{2}:\\d{2}.*WARN
d{4}[\\/-]\\d{2}[\\/-]\\d{2}\\s\\d{2}:\\d{2}:\\d{2}.*ERROR|SEVERE|CRITICAL

D2Coding 의존

다운로드

klogg-settings.zip
D2Coding-Ver1.3.2-20180524.zip

Filename	Remarks
klogg.conf	구성

gitbash로 설치

curl https://dntco43u.github.io/infra/klogg-settings.zip -o $USERPROFILE/Downloads/klogg-settings.zip && \
7z x -y -o"$USERPROFILE/Downloads" $USERPROFILE/Downloads/klogg-settings.zip && \
mv $USERPROFILE/Downloads/klogg.conf "$PROGRAMFILES/klogg" && \
rm $USERPROFILE/Downloads/klogg-settings.zip

License

상업적 이용 제한 없음

klogg: GNU GPL v1 ¹
D2Coding: OFL ²

References

https://github.com/variar/klogg

putty

Sun, 14 Dec 2025 00:00:00 +0000

windows 구성

개요

색상 ¹
접속 정보를 제외하고 구성된 dev@hostaddr 세션
D2Coding 의존

다운로드

putty-sessions.zip
D2Coding-Ver1.3.2-20180524.zip

Filename	Remarks
putty-sessions.reg	세션 정보 레지스트리

gitbash로 설치

curl https://dntco43u.github.io/infra/putty-sessions.zip -o $USERPROFILE/Downloads/putty-sessions.zip && \
7z x -y -o"$USERPROFILE/Downloads" $USERPROFILE/Downloads/putty-sessions.zip && \
reg import $USERPROFILE/Downloads/putty-sessions.reg && \
find $USERPROFILE/Downloads/ -type f -name putty-sessions.* -exec rm {} \;

License

상업적 이용 제한 없음

putty: MIT ¹
D2Coding: OFL ²

dbeaver

Sat, 13 Dec 2025 00:00:00 +0000

License

상업적 이용 제한 없음

dbeaver-ce: Apaache v2 ¹
D2Coding: OFL ²

Troubleshooting

Error resolving dependencies Maven artifact ‘maven:/com.oracle.database.xml:xmlparserv2:RELEASE’ not found

oracle driver 설치 실패. dbeaver 관리자 권한으로 실행

Error : 1031, Position : 0, SQL = ALTER SESSION SET “_optimizer_push_pred_cost_based” = FALSE, Original SQL = ALTER SESSION SET “_optimizer_push_pred_cost_based” = FALSE, Error Message = ORA-01031: 권한이 불충분합니다

dbeaver ui에서 Edit Connection -> Connection settings -> Oracle properties 탭 -> Use metadata queries optimizer 체크 해제

github

Sat, 13 Dec 2025 00:00:00 +0000

 graph TB
 subgraph gvp6nx1a
 A[server] <-- ssh-keygen --> B1[ssh-key]
 A[server] <-- gpg --> B2[gpg-key]
 end
 A <-- ssh --> C[client]
 C <-- ssh --> D[github]
 A <-- ssh --> D

key 구성

ssh

키 생성

mkdir -p ~/ssh_keys && \
ssh-keygen -t ed25519 -P "" -C github-eddsa-key-$(date +%Y%m%d) -f ~/ssh_keys/dntco43u@github && \
mv ~/ssh_keys/dntco43u@github ~/ssh_keys/dntco43u@github.pem && \
cat ~/ssh_keys/dntco43u@github.pub && \
cat ~/ssh_keys/dntco43u@github.pem

클라이언트에 원본 키 다운로드

rclone copy -vv -P gvp6nx1a-ftp:/home/dev/ssh_keys $USERPROFILE/AppData/LocalLow/ssh_keys && \
git config --global user.name "dntco43u" && \
git config --global user.email "x*******-********@yahoo.com" && \
git config --global --add safe.directory '*' && \
eval "$(ssh-agent -s)" && \
ssh-add $USERPROFILE/AppData/LocalLow/ssh_keys/dntco43u@github.pem && \
ssh -T git@github.com

Hi dntco43u! You've successfully authenticated, but GitHub does not provide shell access.

서버에 원본 키 보관 (optional)

PoorMansTSqlFormatter

Sat, 13 Dec 2025 00:00:00 +0000

windows 구성

개요

들여쓰기 탭 대신 공백 2자리
키워드 표준화
키워드 대문자
탭 크기 0
콤마 뒤 열 공백 추가
파싱 에러 허용
BETWEEN 키워드 행 확장 거부
IN 키워드 행 확장 거부

dbeaver

Options
command line	“c:\Users\dev\AppData\Roaming\SqlFormatter\SqlFormatter.exe” /is:" " /sk- /uk /st:0 /sac /ae /ebc- /eil-
Formatter	External formatter
Use temp file	Uncheck ¹

SELECT *
FROM TABLE1 t
WHERE a > 100
 AND b BETWEEN 12 AND 45;

SELECT t.*
 , j1.x
 , j2.y
FROM TABLE1 t
JOIN JT1 j1 ON j1.a = t.a
LEFT OUTER JOIN JT2 j2 ON j2.a = t.a
 AND j2.b = j1.b
WHERE t.xxx IS NOT NULL;

DELETE
FROM TABLE1
WHERE a = 1;

UPDATE TABLE1
SET a = 2
WHERE a = 1

SELECT table1.id
 , table2.number
 , SUM(table1.amount)
FROM table1
INNER JOIN table2 ON table1.id = table2.table1_id
WHERE table1.id IN (
 SELECT table1_id
 FROM table3
 WHERE table3.name = 'Foo Bar'
 AND table3.type = 'unknown_type'
 )
GROUP BY table1.id
 , table2.number
ORDER BY table1.id;

command options

Options	Remarks
is	indentString (default: \t)
st	spacesPerTab (default: 4)
mw	maxLineWidth (default: 999)
sb	statementBreaks (default: 2)
cb	clauseBreaks (default: 1)
tc	trailingCommas (default: false)
sac	spaceAfterExpandedComma (default: false)
ebc	expandBetweenConditions (default: true)
ebe	expandBooleanExpressions (default: true)
ecs	expandCaseStatements (default: true)
ecl	expandCommaLists (default: true)
eil	expandInLists (default: true)
uk	uppercaseKeywords (default: true)
sk	standardizeKeywords (default: false)
ae	allowParsingErrors (default: false)
e	extensions (default: sql)
r	recursive (default: false)
b	backups (default: true)
b	outputFileOrFolder (default: none; if set, overrides the backup option)
l	languageCode (default: current if supported or EN; valid values include EN, FR and ES)

License

상업적 이용 제한 없음

keepass openwrt sftp 구성

Tue, 09 Dec 2025 00:00:00 +0000

 graph LR
 subgraph agq3mbw2
 A[openwrt] --- B1[keepass.kdbx]
 A[openwrt] --- B2[ssh]
 end
 B2 ---- D[duckdns]
 D <-- ssh --> C1[clients]
 C1 --- C2[keepass.keyx]

openwrt 구성

포트 개방

vi /etc/config/firewall

...
config redirect
 option dest 'lan'
 option target 'DNAT'
 option name 'agq3mbw2-ssh'
 option src 'wan'
 option dest_port '22'
 list proto 'tcp'
 option dest_ip '192.168.192.1'
 option family 'ipv4'
 option src_dport '5****'
...

/etc/init.d/firewall restart

계정 추가

echo "dev:x:1000:1000:dev:/home/dev:/bin/ash" >> /etc/passwd && \
echo "dev:x:1000:dev" >> /etc/group && \
echo "dev:19073:0:99999:7:::" >> /etc/shadow && \
passwd dev
_***************************************************************

mkdir -p /home/dev/.ssh && \
echo "ssh-ed25519 A******************************************************************* agq3mbw2-eddsa-key-20230927
" | sudo tee /home/dev/.ssh/authorized_keys && \
chmod 755 /home && \
chmod 755 /home/dev && \
chmod 700 /home/dev/.ssh && \
chmod 600 /home/dev/.ssh/authorized_keys && \
chown -R dev:dev /home/dev

echo "vscp5ekq:x:1001:1000:vscp5ekq:/home/vscp5ekq:/bin/ash" >> /etc/passwd && \
echo "agq3mbw2:x:1000:vscp5ekq" >> /etc/group && \
echo "vscp5ekq:.:0:0:99999:7:::" >> /etc/shadow && \
passwd vscp5ekq
Z***************************************************************

mkdir -p /home/vscp5ekq/.ssh && \
echo "ssh-rsa A*****************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************== generated by Keepass2Android
" | sudo tee /home/vscp5ekq/.ssh/authorized_keys && \
chmod 755 /home && \
chmod 755 /home/vscp5ekq && \
chmod 700 /home/vscp5ekq/.ssh && \
chmod 600 /home/vscp5ekq/.ssh/authorized_keys && \
chown -R vscp5ekq:dev /home/vscp5ekq

dropbear

cat << EOF | tee /etc/config/dropbear
config dropbear
 option Port '22'
 option PasswordAuth 'off'
 option RootPasswordAuth 'off'
 option GatewayPorts 'on'
EOF

/etc/init.d/dropbear restart

패키지 설치

opkg update && \
opkg install luci-app-ddns drill curl openssh-sftp-server

ddns

vi /etc/config/ddns

config ddns 'global'
 option ddns_dateformat '%F %R'
 option ddns_loglines '250'
 option ddns_rundir '/var/run/ddns'
 option ddns_logdir '/var/log/ddns'
 option use_curl '1'

config service 'duckdns'
 option service_name 'duckdns.org'
 option use_ipv6 '0'
 option enabled '1'
 option password 'b*******-****-****-****-************'
 option use_https '1'
 option ip_source 'network'
 option ip_network 'wan'
 option interface 'wan'
 option use_syslog '2'
 option check_unit 'minutes'
 option force_unit 'minutes'
 option retry_unit 'seconds'
 option param_enc 'https://www.duckdns.org/update?domains=agq3mbw2&token=b*******-****-****-****-************'
 option cacert '/etc/ssl/certs/ca-certificates.crt'
 option lookup_host 'sj9n7air.duckdns.org'
 option domain 'sj9n7air.duckdns.org'
 option username 'sj9n7air'

/etc/init.d/ddns restart

db 권한

chown dev:dev -R /usr/share/keepass && \
chmod 770 /usr/share/keepass && \
chmod 660 /usr/share/keepass/fhy8vp3u.kdbx

windows 구성

KeePass.config.xml

vi $APPDATA/KeePass/KeePass.config.xml

...
<DatabasePath>sftp://sj9n7air.duckdns.org:5****/usr/share/keepass/fhy8vp3u.kdbx</DatabasePath>
<KeyFilePath>..\..\Users\dev\AppData\Roaming\KeePass\fhy8vp3u.keyx</KeyFilePath>
...

postgresql

Tue, 09 Dec 2025 00:00:00 +0000

 graph LR
 subgraph gvp6nx1a
 A1[apps] <-- tcp --> B2[postgresql]
 end
 B2 <-- tcp --> D[client]

host 구성

사설 인증서로 외부 접속 개방

sudo rm -rf /var/lib/pgsql && \
sudo dnf -y update && \
sudo dnf module remove -y postgresql:16/server && \
sudo dnf module install -y postgresql:16/server && \
sudo postgresql-setup --initdb

sudo vi /var/lib/pgsql/data/pg_hba.conf

...
# "local" is for Unix domain socket connections only
local all all trust
# IPv4 local connections:
host all all 127.0.0.1/32 trust
# IPv6 local connections:
host all all ::1/128 trust
# Allow replication connections from localhost, by a user with the
# replication privilege.
local replication all trust
host replication all 127.0.0.1/32 trust
host replication all ::1/128 trust

host all all all scram-sha-256

sudo vi /var/lib/pgsql/data/postgresql.conf

...
# - Connection Settings -
listen_addresses = '*'

# - Authentication -
password_encryption = scram-sha-256

# - SSL -
ssl = on
ssl_cert_file = '/var/lib/pgsql/server.crt'
ssl_key_file = '/var/lib/pgsql/server.key'
ssl_ciphers = ' ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ARIA256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384'
ssl_ecdh_curve = 'X448:secp521r1:secp384r1'
ssl_min_protocol_version = 'TLSv1.2'
ssl_dh_params_file = '/opt/nginx/ssl/dhparam.pem'
...

cd /usr/share/pki/ca-trust-source/anchors && \
sudo openssl req -new -x509 -nodes -text -out server.crt \
 -keyout server.key -subj '/C=KR/ST=Seoul/L=Jungnang/O=fhy8vp3u/OU=dev/CN=fhy8vp3u/emailAddress=x*******-********@yahoo.com' && \
sudo openssl x509 -in server.crt -noout -dates && \
sudo chown dev:dev server.{key,crt} && \
sudo chmod 0400 server.key && \
sudo mv /usr/share/pki/ca-trust-source/anchors/server.crt /var/lib/pgsql/server.crt && \
sudo mv /usr/share/pki/ca-trust-source/anchors/server.key /var/lib/pgsql/server.key && \
sudo chown postgres:postgres /var/lib/pgsql/server.crt && \
sudo chown postgres:postgres /var/lib/pgsql/server.key

디스크 mount

Note

기본적으로 유일한 방법은 FAQ에 설명 된대로 “allocsize"마운트 옵션을 사용하는 것입니다.
InnoDB는 최대 16kB의 64페이지를 읽으므로 “allocsize=1M"이 가장 좋습니다.
고객과 마찬가지로 많은 DBA 또는 시스템 관리자도 이러한 동작을 인식하지 못할 수 있으며 실행 중인 시스템에서만 감지할 수 있습니다.
슬프게도, 나는 그것이 효과가 없었다고 말해야합니다. 미리 할당 된 공간의 크기는 원래 실행에서와 같이 계속 커졌습니다.
더 나쁜 것은이 명령을 실행 한 후 시작한 실행에도 영향을 미치지 않았다는 것입니다.
이는 마운트된 XFS 파일 시스템에 대해 “allocsize” 값을 변경할 수 없으며, 마운트 시 해당 값이 마운트 해제될 때까지 유효하다는 것을 증명합니다.
마운트 해제 한 다음 새로 마운트하여 “allocsize = 1M"을 제공 할 때만 고정 크기가 사전 할당 금액으로 표시되었습니다.
DBA의 관점에서 볼 때 이 변경으로 인해 MySQL 인스턴스의 종료를 피할 수 없음을 의미합니다. (물론 Galera 클러스터에 대해 이야기하면 노드를 한 번에 하나씩 처리 할 수 있기 때문에 시스템을 계속 사용할 수 있습니다.)

proxmox 기타 구성

Tue, 09 Dec 2025 00:00:00 +0000

proxmox 기타

local-lvm 삭제

lvremove /dev/pve/data && \
lvresize -l +100%FREE /dev/pve/root && \
resize2fs /dev/mapper/pve-root

node 이름 변경

TARGET_HOST=xxxxxxxx && \
sed -i "s/$TARGET_HOST/p6dhywxp/" /etc/hostname && \
sed -i "s/$TARGET_HOST/p6dhywxp/" /etc/hosts && \
sed -i "s/$TARGET_HOST/p6dhywxp/" /etc/postfix/main.cf && \
mv /var/lib/rrdcached/db/pve2-node/$TARGET_HOST /var/lib/rrdcached/db/pve2-node/p6dhywxp && \
mv /var/lib/rrdcached/db/pve2-storage/$TARGET_HOST /var/lib/rrdcached/db/pve2-storage/p6dhywxp && \
rm -rf /var/lib/rrdcached/db/pve2-{node,storage}/$TARGET_HOST && \
ls /var/lib/rrdcached/db/pve2-{node,storage} && \
systemctl stop pve-cluster && systemctl stop pvestatd && \
systemctl restart pve-cluster && systemctl restart pvestatd

no-subscription

web–ui에서 node -> hostname -> repositories -> disable enterprise/enable no subscription

vi /etc/apt/sources.list.d/pve-enterprise.list

# deb https://enterprise.proxmox.com/debian... bookworm eve-enterprise

vi /etc/apt/sources.list

deb http://download.proxmox.com/debian/pve bookworm pve-no-subscription

vi /etc/apt/sources.list.d/ceph.list

# deb https://enterprise.proxmox.com/debian... bookworm enterprise
deb http://download.proxmox.com/debian/ce... bookworm no-subscription

구독 팝업 삭제

cp /usr/share/javascript/proxmox-widget-toolkit/proxmoxlib.js{,.bak} && \
sed -i "/^ *checked_command:/,/^ *[a-zA-Z_]+:/{ s/status\.toLowerCase() !== 'active'/\0 \&\& false/ }" /usr/share/javascript/proxmox-widget-toolkit/proxmoxlib.js

microcode 패치

bash -c "$(wget -qLO - https://github.com/tteck/Proxmox/raw/main/misc/microcode.sh)"

repo, subscription nag 비활성화

bash -c "$(wget -qLO - https://github.com/tteck/Proxmox/raw/main/misc/post-pve-install.sh)"

use tablet for pointer 비활성화

for vm in $(qm list | awk '{print $1}' | grep [0-9]); do qm set $vm --tablet 0; done

절전 공통

powertop

apt update -y && \
apt install powertop -y && \
powertop --auto-tune && \
systemctl enable powertop && systemctl restart powertop

aspm

dmesg | grep ASPM && \
lspci -vv | awk '/ASPM/{print $0}' RS= | grep --color -P '(^[a-z0-9:.]+|ASPM )'

aspm.py ¹

재시작 시 aspm 활성화

samba

Tue, 09 Dec 2025 00:00:00 +0000

host 구성

설치

sudo dnf -y update && \
sudo dnf install -y samba wsdd && \
sudo systemctl enable wsdd && sudo systemctl enable smb && \
sudo systemctl restart wsdd && sudo systemctl restart smb && \
sudo systemctl status wsdd && sudo systemctl status smb

포트 개방

smb: 139/tcp, 445/tcp
wsdd: 3702/udp, 5357/tcp ¹

sudo firewall-cmd --permanent --add-port={139,445}/tcp && \
sudo firewall-cmd --permanent --add-port=3702/udp && \
sudo firewall-cmd --permanent --add-port=5357/tcp && \
sudo firewall-cmd --reload && \
sudo firewall-cmd --list-all

selinux

sudo setsebool -P samba_export_all_ro on && \
sudo setsebool -P samba_export_all_rw on && \
sudo chcon -R -t samba_share_t /mnt/d2 && \
ls -lZ /mnt/d2 && \
sudo semanage boolean -l | grep samba

smb.conf

vi /etc/samba/smb.conf

...
[global]
 workgroup = WORKGROUP
 server min protocol = SMB3
 client min protocol = SMB3
 security = USER
 wins support = yes

[d2]
 path = /mnt/d2
 guest ok = no
 writable = yes
 valid users = dev
 create mask = 0660
 directory mask = 0770

wsdd

sudo vi /usr/lib/systemd/system/wsdd.service

# Command-line options for wsdd
OPTIONS="--interface eth0 --ipv4only --shortlog"

암호, 권한 구성

sudo chown -R dev:dev /mnt/d2 && \
sudo chmod -R 0660 /mnt/d2 && \
sudo chmod -R ug+X /mnt/d2 && \
sudo smbpasswd -a dev
*****************
sudo systemctl restart smb

License

상업적 이용 제한 없음

tgdrive/rclone

Tue, 09 Dec 2025 00:00:00 +0000

host 구성

패키지 설치 ¹

sudo dnf -y update && \
sudo dnf install -y unzip && curl -sSL instl.vercel.app/rclone | bash && sudo dnf remove -y unzip && \
cat ~/.config/rclone/rclone.conf

crond ² ³

vi ~/.local/bin/rclone_move.sh

#!/bin/bash
# rclone으로 이동

source /home/dev/.bashrc
source /home/dev/.local/bin/utils.sh
log_file=/home/dev/.local/log/$(basename "$0" | sed 's/.sh//').log
msg_file=/home/dev/.local/log/$(basename "$0" | sed 's/.sh//').tmp

cat /dev/null > "$log_file"
flock -n /tmp/rclone.lock \
 rclone move \
 "$1" "$2" \
 --config /home/dev/.config/rclone/rclone.conf \
 --log-file "$log_file" --log-level DEBUG \
 --delete-empty-src-dirs
grep -oE '^Transferred:.*100%.*\/s' "$log_file" \
 | head -n 1 | sed 's/\t//g' | sed 's/ */ /g' > "$msg_file"
send_tel_msg "$TEL_BOT_KEY" "$TEL_CHAT_ID" "$msg_file"
rm "$msg_file"

graph TB
 subgraph ec4mrjp5
 F2[icnex2pa.py] -- tcp --> F1[oracle]
 F3[.dbpasswd] -- 일일 생성 --> F2
 end
 subgraph gvp6nx1a
 A1[backup-data] -- 일일 생성 --> A[rclone]
 end
 F3 -- ssh --> A
 A -- 최신 일로부터 7개 --> D[ftp]
 A -- 최신 일로부터 7개 --> C[s3]
 A -- 최신 일로부터 7개 --> E[teambition]

vi ~/.local/bin/conf_backup.sh

#!/bin/bash
# conf 백업

source /home/dev/.bashrc
source /home/dev/.local/bin/utils.sh
log_file=/home/dev/.local/log/$(basename "$0" | sed 's/.sh//').log
msg_file=/home/dev/.local/log/$(basename "$0" | sed 's/.sh//').tmp

today=$(date +%Y%m%d)
key=$(ssh dev@1**.***.**.* -p 6**** -i /home/dev/.ssh/dev@ec4mrjp5.pem cat /home/dev/.local/etc/.dpasswd)
if [[ "$HOSTNAME" == "gvp6nx1a" ]]; then
 net_type="lan"
else
 net_type="wan"
fi
{ if [ -z "$key" ]; then
 err "MANDATORY PARAMETER MISSING"
 exit 1
 fi
 if [ ! -d "/tmp/conf_$HOSTNAME" ]; then
 mkdir -p "/tmp/conf_$HOSTNAME"
 fi
 if [ -f "/tmp/conf_$HOSTNAME/conf_$today.7z" ]; then
 rm "/tmp/conf_$HOSTNAME/conf_$today.7z"
 fi

 #excludelist에서 절대 경로 인식 -spf2
 7z a -mx9 -xr@/home/dev/.local/etc/.7zexc_conf -spf2 -p"$key" -mhc=on \
 -mhe=on \
 "/tmp/conf_$HOSTNAME/conf_$today.7z" \
 /etc/{fstab,profile.d,motd.d,logrotate.d,vsftpd,samba,fail2ban,ansible}
 7z a -mx9 -xr@/home/dev/.local/etc/.7zexc_conf -spf2 -p"$key" -mhc=on \
 -mhe=on \
 "/tmp/conf_$HOSTNAME/conf_$today.7z" \
 /home/dev
 7z a -mx9 -xr@/home/dev/.local/etc/.7zexc_conf -spf2 -p"$key" -mhc=on \
 -mhe=on \
 "/tmp/conf_$HOSTNAME/conf_$today.7z" \
 /opt

 #sj9n7air-ftp
 rclone delete \
 --config /home/dev/.config/rclone/rclone.conf \
 --log-file /home/dev/.local/log/rclone_conf_backup.log --log-level DEBUG \
 --include "{conf_*.7z}" \
 --min-age 7d \
 "sj9n7air-ftp:/mnt/d2/backups/$HOSTNAME"
 rclone copy \
 --config /home/dev/.config/rclone/rclone.conf \
 --log-file /home/dev/.local/log/rclone_conf_backup.log --log-level DEBUG \
 --include "{conf_*.7z}" \
 --ignore-times \
 "/tmp/conf_$HOSTNAME/conf_$today.7z" \
 "sj9n7air-ftp:/mnt/d2/backups/$HOSTNAME"

 #ahgcnzl5-s3
 rclone delete \
 --config /home/dev/.config/rclone/rclone.conf \
 --log-file /home/dev/.local/log/rclone_conf_backup.log --log-level DEBUG \
 --include "{conf_*.7z}" \
 --min-age 7d \
 "ahgcnzl5-s3:/ahgcnzl5/backups/$HOSTNAME"
 rclone copy \
 --config /home/dev/.config/rclone/rclone.conf \
 --log-file /home/dev/.local/log/rclone_conf_backup.log --log-level DEBUG \
 --include "{conf_*.7z}" \
 --ignore-times \
 "/tmp/conf_$HOSTNAME/conf_$today.7z" \
 "ahgcnzl5-s3:/ahgcnzl5/backups/$HOSTNAME"

 #gvp6nx1a-alist-ndgzbj1c@teambition
 eval rclone delete \
 --config /home/dev/.config/rclone/rclone.conf \
 --log-file /home/dev/.local/log/rclone_conf_backup.log --log-level DEBUG \
 --include "{conf_*.7z}" \
 --min-age 7d \
 "gvp6nx1a-alist-$net_type:/ndgzbj1c@teambition/backups/$HOSTNAME"
 eval rclone copy \
 --config /home/dev/.config/rclone/rclone.conf \
 --log-file /home/dev/.local/log/rclone_conf_backup.log --log-level DEBUG \
 --include "{conf_*.7z}" \
 --ignore-times \
 "/tmp/conf_$HOSTNAME/conf_$today.7z" \
 "gvp6nx1a-alist-$net_type:/ndgzbj1c@teambition/backups/$HOSTNAME"
} > "$log_file"

{ show_file_stat "/tmp/conf_$HOSTNAME/conf_$today.7z"
 echo "key=$key"
} > "$msg_file"
rm -rf "/tmp/conf_$HOSTNAME" >> "$log_file"
send_tel_msg "$TEL_BOT_KEY" "$TEL_CHAT_ID" "$msg_file"
rm "$msg_file"

License

상업적 이용 제한 없음

acme.sh

Mon, 08 Dec 2025 00:00:00 +0000

 graph LR
 subgraph gvp6nx1a
 A[acme.sh] ---> A2[ssl-cert]
 A2 <---> A3[apps]
 end
 F3[zerossl] -- dns-api --> A

container 구성

.env

vi /opt/.acme/.env

DuckDNS_Token=b*******-****-*********-************

zerossl 계정 등록

docker run -it --rm --name=acme --user=0:0 \
--env-file /opt/.acme/.env \
-e TZ=Asia/Seoul \
-v /opt/.acme:/acme.sh:rw \
neilpang/acme.sh:latest \
acme.sh --set-default-ca --register-account --server zerossl -m x*******-********@yahoo.com --eab-kid j********************* --eab-hmac-key D*************************************************************************************

SSL 인증서 최초 발급

docker run -it --rm --name=acme --user=0:0 \
-e TZ=Asia/Seoul \
-v /opt/.acme:/acme.sh:rw \
neilpang/acme.sh:latest \
acme.sh --issue --dns dns_duckdns -d "$HOSTNAME.duckdns.org" --keylength ec-384 --force && \
docker run -it --rm --name=acme --user=0:0 \
-e TZ=Asia/Seoul \
-v /opt/.acme:/acme.sh:rw \
neilpang/acme.sh:latest \
acme.sh --issue --dns dns_duckdns -d "*.$HOSTNAME.duckdns.org" --keylength ec-384 --force

host 구성

crond ¹

vi /home/dev/.local/bin/acme_cron.sh

#!/bin/bash
# acme.sh 인증서 갱신

source /home/dev/.bashrc
source /home/dev/.local/bin/utils.sh
log_file=/home/dev/.local/log/$(basename "$0" | sed 's/.sh//').log
msg_file=/home/dev/.local/log/$(basename "$0" | sed 's/.sh//').tmp

old_file_date=$(stat --printf="%y" \
 /opt/.acme/"$HOSTNAME".duckdns.org_ecc/fullchain.cer)
old_file_date=$(echo "$old_file_date" | cut -d ' ' -f1 | sed -E 's/-//g')
docker run \
 -i --rm --name=acme --network=dev --user=0:0 \
 --env-file=/opt/.acme/.env \
 -e TZ=Asia/Seoul \
 -v /opt/.acme:/acme.sh:rw \
 neilpang/acme.sh:latest \
 acme.sh --cron --debug > "$log_file"

skip_renew_msg="Skip.*Next renewal time is:.*"
if grep -qoE "$skip_renew_msg" "$log_file"; then
 cert_exp_date="$(date "+%Y%m%d" -d "$old_file_date 90 day")"
fi
total_period=$(get_valid_dates "$old_file_date" "$cert_exp_date" | wc -l)
current_period=$(get_valid_dates "$(date "+%Y%m%d")" "$cert_exp_date" | wc -l)
echo "old_file_date=$old_file_date"
echo "cert_exp_date=$cert_exp_date"
echo "total_period=$total_period"
echo "current_period=$current_period"
{ grep -oE "Your cert key is in:.*|The intermediate CA cert is in:.*|\
And the full chain certs is there:.*|$skip_renew_msg|Error.*" "$log_file"
 if grep -qoE "$skip_renew_msg" "$log_file"; then
 show_progress_bar "$current_period" "$total_period" "d"
 fi
} > "$msg_file"
send_tel_msg "$TEL_BOT_KEY" "$TEL_CHAT_ID" "$msg_file"
rm "$msg_file"

License

상업적 이용 제한 없음

bash 환경 변수

Mon, 08 Dec 2025 00:00:00 +0000

환경 변수

파일별 구분

Filename	Remarks
/etc/environment	모든 프로세스에 대해 기본 환경을 지정하는 변수를 정의. 로그인 시. profile이라는 로그인 프로파일을 읽기 전에 시스템은 /etc/environment 파일에서 환경 변수를 설정
/etc/profile, /etc/bashrc	전체 사용자에게 적용
~/.bashrc, ~/.profile, ~/.bash_profile	해당 사용자에게만 적용
/etc/profile, .profile	shell이 bash가 아니라도 로그인하면 로드되어 적용되고. bashrc 와. bash_login, .bash_profile은 bash shell로 로그인 되었을 경우만 적용
~/.bash_logout	로그인 shell이 로그아웃할 때 수행

Note

무엇을 하는지 알지 못하면 이 파일을 변경하는 것은 좋지 않습니다.
/etc/profile.d/에 custom.sh 셸 스크립트를 만들어 환경에 대한 사용자 지정 변경을 하는 것이 훨씬 좋습니다.
이렇게 하면 향후 업데이트에서 병합할 필요가 없습니다.

docker

Mon, 08 Dec 2025 00:00:00 +0000

host 구성

패키지 설치

Note

docker-compose 패키지 저장소에 추가되었으므로 패키지로 설치해 사용
또한 바이너리명이 변경되었음. docker-compose -> docker compose

sudo dnf config-manager --add-repo=https://download.docker.com/linux/centos/docker-ce.repo && \
sudo dnf update -y && sudo dnf upgrade -y && \
sudo dnf install -y docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin && \
sudo systemctl restart docker && \
sudo systemctl enable docker && \
sudo systemctl status docker.service && \
sudo docker run -it --rm busybox nslookup google.com

docker-compose 설치

sudo curl -L "https://github.com/docker/compose/releases/download/v2.6.0/docker compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker compose && \
sudo chmod +x /usr/local/bin/docker compose && \
sudo ln -s /usr/local/bin/docker compose /usr/bin/docker compose && \
sudo docker compose --version

권한 구성

sudo usermod -aG docker dev
cat /etc/group | grep docker
logout

bridge network

관리 편의를 위해 다수의 컨테이너를 bridge로 구성할 것이다

grafana

Mon, 08 Dec 2025 00:00:00 +0000

 graph TB
 subgraph gvp6nx1a
 A1[loki] -- http --> B[grafana]
 A2[postgresql] -- tcp --> B
 A3[prometheus] -- http --> B
 A4[postgres-exporter] -- http --> A3
 A2 -- tcp --> A4
 E1[promtail] -- http --> A1
 E2[node-exporter] -- http --> A3
 C[nginx] <-- http --> B
 end
 E3[node-exporter] -- https --> A3
 E4[promtail] -- https --> A1
 D[client] <-- https --> C

container 구성

docker-compose.yml

network bridge 구성이어도 host를 허용하도록 구성

nginx

Mon, 08 Dec 2025 00:00:00 +0000

 graph LR
 A5[server] <-- https --> B[nginx]
 subgraph gvp6nx1a
 A1[apps] <-- http --> B[nginx]
 A2[geoip] -- country-code --> B
 B -- log --> A3[promtail]
 A3 -- http --> A7[loki]
 A4[acme.sh] -- ssl-cert --> B
 end
 A7 <-- https --> E[server]
 A6[zerossl] -- dns-api --> A4
 B <-- https --> C1[client]

container 구성

Dockerfile

vi /opt/nginx/Dockerfile

FROM nginx:alpine-slim AS builder
RUN apk update && \
 apk add --no-cache --virtual .build-deps \
 gcc \
 geoip-dev \
 git \
 libc-dev \
 libmaxminddb \
 libmaxminddb-dev \
 make \
 openssl-dev \
 pcre-dev \
 python3-dev \
 py3-pip \
 zlib-dev && \
 rm -rf /var/cache/apk/*
WORKDIR /usr/local
RUN git clone https://github.com/leev/ngx_http_geoip2_module.git --depth=1
RUN wget http://nginx.org/download/nginx-${NGINX_VERSION}.tar.gz && \
 mkdir -p /usr/src && \
 tar -zxC /usr/src -f nginx-${NGINX_VERSION}.tar.gz
RUN CONFARGS=$(nginx -V 2>&1 | sed -n -e 's/^.*arguments: //p') \
 cd /usr/src/nginx-$NGINX_VERSION && \
 ./configure --with-compat $CONFARGS \
 --add-dynamic-module=/usr/local/ngx_http_geoip2_module/ && \
 make && \
 make modules && \
 make install && \
 mkdir -p /usr/local/nginx/modules/
FROM nginx:alpine-slim
COPY --from=builder /usr/local/nginx/modules/ngx_http_geoip2_module.so /usr/lib/nginx/modules/ngx_http_geoip2_module.so
RUN apk update && \
 apk add --no-cache \
 libmaxminddb \
 openssl && \
 rm -rf /var/cache/apk/*

docker build -t e7hnr8ov/nginx:alpine /opt/nginx

docker-compose.yml

network bridge 구성이어도 host를 허용하도록 구성

oracle/instantclient

Mon, 08 Dec 2025 00:00:00 +0000

container 구성

Dockerfile (x86)

sudo vi /opt/instantclient/Dockerfile

#FIXME: ubuntu 최신 버전 libaio1 없으므로 22.04로 build
FROM ubuntu:22.04
ARG DEBIAN_FRONTEND=noninteractive
ENV TZ=Asia/Seoul
ENV ORACLE_HOME=/opt/oracle/instantclient
ENV PATH=$PATH:$ORACLE_HOME
ENV LD_LIBRARY_PATH=$LD_LIBRARY_PATH:$ORACLE_HOME
ENV SQLPATH=${INSTANT_CLIENT_PATH}:${SQLPATH}
ENV TNS_ADMIN=/opt/oracle/instantclient/network/admin
RUN apt-get update && \
 apt-get install -y tzdata \
 libaio1 \
 python3 \
 python3-pip \
 curl \
 unzip && \
 ln -sf /usr/share/zoneinfo/$TZ /etc/localtime && \
 echo $TZ > /etc/timezone && \
 echo /opt/oracle/instantclient > /etc/ld.so.conf.d/oic.conf && \
 ldconfig && \
 curl https://download.oracle.com/otn_software/linux/instantclient/1919000/instantclient-basiclite-linux.x64-19.19.0.0.0dbru.el9.zip -so /tmp/instantclient.zip && \
 unzip -o /tmp/instantclient.zip -d /opt/oracle && \
 rm /tmp/instantclient.zip && \
 curl https://download.oracle.com/otn_software/linux/instantclient/1919000/instantclient-sqlplus-linux.x64-19.19.0.0.0dbru.el9.zip -so /tmp/instantclient.zip && \
 unzip -o /tmp/instantclient.zip -d /opt/oracle && \
 rm /tmp/instantclient.zip && \
 curl https://download.oracle.com/otn_software/linux/instantclient/1919000/instantclient-tools-linux.x64-19.19.0.0.0dbru.el9.zip -so /tmp/instantclient.zip && \
 unzip -o /tmp/instantclient.zip -d /opt/oracle && \
 rm /tmp/instantclient.zip && \
 cd /opt/oracle && \
 mv instantclient_19_19 instantclient && \
 python3 -m pip install --no-cache-dir pip && \
 python3 -m pip install --no-cache-dir oracledb && \
 apt-get purge -y python3-pip \
 curl \
 unzip && \
 apt-get autoremove -y && \
 apt-get clean autoclean && \
 rm -rf /var/lib/apt/lists/*

docker build -t e7hnr8ov/oracle-instantclient:alpine /opt/instantclient

Dockerfile (arm)

sudo vi /opt/instantclient/Dockerfile

FROM python:alpine
ENV TZ Asia/Seoul
ENV LD_LIBRARY_PATH /opt/oracle/instantclient
RUN apk update && \
 apk add --no-cache g++ \
 libaio \
 libc6-compat \
 curl && \
 curl https://download.oracle.com/otn_software/linux/instantclient/191000/instantclient-basiclite-linux.arm64-19.10.0.0.0dbru.zip -so /tmp/instantclient.zip && \
 unzip -o /tmp/instantclient.zip -d /opt/oracle && \
 cd /opt/oracle && \
 mv instantclient_19_10 instantclient && \
 ln -s /opt/oracle/instantclient/libclntsh.so.19.1 /usr/lib/libclntsh.so && \
 ln -s /opt/oracle/instantclient/libocci.so.19.1 /usr/lib/libocci.so && \
 ln -s /opt/oracle/instantclient/libociicus.so /usr/lib/libociicus.so && \
 ln -s /opt/oracle/instantclient/libnnz19.so /usr/lib/libnnz19.so && \
 ln -s /lib/libc.so.6 /usr/lib/libresolv.so.2 && \
 rm /tmp/instantclient.zip && \
 python -m pip install --no-cache-dir cx_Oracle && \
 apk del curl && \
 rm /var/cache/apk/*

docker build -t e7hnr8ov/oracle-instantclient:alpine /opt/instantclient

host 구성

crond

일정 기간 db 유휴 시 데이터 삭제를 공지하고 있으므로 매일 테스트 스키마를 갱신하도록 구성 ¹ ²

#!/bin/bash
# oci oralcedb 유휴 방지

source /home/dev/.bashrc
source /home/dev/.local/bin/utils.sh
log_file=/home/dev/.local/log/$(basename "$0" | sed 's/.sh//').log
msg_file=/home/dev/.local/log/$(basename "$0" | sed 's/.sh//').tmp

user=HR
pass=z*****************************
url="'(description= (retry_count=20)(retry_delay=3)(address=(protocol=tcps)(port=1521)(host=adb.ap-seoul-1.oraclecloud.com))(connect_data=(service_name=g**************_********_tpurgent.adb.oraclecloud.com))(security=(ssl_server_dn_match=yes)))'"
docker run \
 -i --rm --name=instantclient-cqa7wtjg --network=dev --user=0:0 \
 --env-file /opt/instantclient/.env \
 -e TZ=Asia/Seoul \
 -v /opt/instantclient/config/wallet_cqa7wtjg:/opt/oracle/instantclient/network/admin:ro \
 -v /opt/instantclient/data:/data:rw \
 e7hnr8ov/instantclient:ubuntu \
 /bin/bash -c "exit | sqlplus $user/$pass@$url @/data/hr_schema/drop.sql" > "$log_file"
tail -n4 "$log_file" | head -n1 > "$msg_file"

docker run \
 -i --rm --name=instantclient-cqa7wtjg --network=dev --user=0:0 \
 --env-file /opt/instantclient/.env \
 -e TZ=Asia/Seoul \
 -v /opt/instantclient/config/wallet_cqa7wtjg:/opt/oracle/instantclient/network/admin:ro \
 -v /opt/instantclient/data:/data:rw \
 e7hnr8ov/instantclient:ubuntu \
 /bin/bash -c "exit | sqlplus $user/$pass@$url @/data/hr_schema/make.sql" >> "$log_file"
tail -n4 "$log_file" | head -n1 >> "$msg_file"

send_tel_msg "$TEL_BOT_KEY" "$TEL_CHAT_ID" "$msg_file"
rm "$msg_file"

#!/bin/bash
# oci oralcedb 유휴 방지

source /home/dev/.bashrc
source /home/dev/.local/bin/utils.sh
log_file=/home/dev/.local/log/$(basename "$0" | sed 's/.sh//').log
msg_file=/home/dev/.local/log/$(basename "$0" | sed 's/.sh//').tmp

user=HR
pass=B*****************************
url="'(description= (retry_count=20)(retry_delay=3)(address=(protocol=tcps)(port=1521)(host=adb.ap-seoul-1.oraclecloud.com))(connect_data=(service_name=g**************_********_high.adb.oraclecloud.com))(security=(ssl_server_dn_match=yes)))'"
docker run \
 -i --rm --name=instantclient-dwc8khum --network=dev --user=0:0 \
 --env-file /opt/instantclient/.env \
 -e TZ=Asia/Seoul \
 -v /opt/instantclient/config/wallet_dwc8khum:/opt/oracle/instantclient/network/admin:ro \
 -v /opt/instantclient/data:/data:rw \
 e7hnr8ov/instantclient:ubuntu \
 /bin/bash -c "exit | sqlplus $user/$pass@$url @/data/hr_schema/drop.sql" > "$log_file"
tail -n4 "$log_file" | head -n1 > "$msg_file"

docker run \
 -i --rm --name=instantclient-dwc8khum --network=dev --user=0:0 \
 --env-file /opt/instantclient/.env \
 -e TZ=Asia/Seoul \
 -v /opt/instantclient/config/wallet_dwc8khum:/opt/oracle/instantclient/network/admin:ro \
 -v /opt/instantclient/data:/data:rw \
 e7hnr8ov/instantclient:ubuntu \
 /bin/bash -c "exit | sqlplus $user/$pass@$url @/data/hr_schema/make.sql" >> "$log_file"
tail -n4 "$log_file" | head -n1 >> "$msg_file"

send_tel_msg "$TEL_BOT_KEY" "$TEL_CHAT_ID" "$msg_file"
rm "$msg_file"

vsftpd

Mon, 08 Dec 2025 00:00:00 +0000

 graph LR
 subgraph gvp6nx1a
 A2[ssl-cert] --- A1
 end
 A1[vsftpd] <-- tcp/tls --> B[client]
 A1[vsftpd] <-- ftp-passive --> B

host 구성

포트 개방

sudo firewall-cmd --permanent --add-forward-port=port=6****:proto=tcp:toport=21 && \
sudo firewall-cmd --permanent --add-port=6****-6****/tcp && \
sudo firewall-cmd --reload && \
sudo firewall-cmd --list-all

selinux

Note

Permissive mode인 경우에도 필수적으로 구성

sudo setsebool -P ftpd_use_passive_mode on && \
sudo setsebool -P ftpd_full_access on

설치

sudo dnf update -y && sudo dnf install -y vsftpd && \
sudo systemctl enable vsftpd && \
sudo systemctl start vsftpd && \
sudo systemctl status vsftpd

sudo cp /etc/vsftpd/vsftpd.conf /etc/vsftpd/vsftpd.conf.bak && \
sudo cp /etc/vsftpd/ftpusers /etc/vsftpd/ftpusers.bak

root 접속 허용 (optional)

wireguard

Mon, 08 Dec 2025 00:00:00 +0000

 graph LR
 subgraph iptables
 subgraph bridge-network
 A1[docker/wireguard] <--> B[docker]
 A2[apps] <--> B
 end
 subgraph host-network
 C[host] <--> C1[package/wireguard]
 end
 end
 A1 <-- udp --> D[client]
 C1 <-- udp --> D
 B <-- wireguard 라우팅 방법을 찾지 못함 --> C

host 구성

포트 개방

sudo firewall-cmd --permanent --add-port=6****/udp && \
sudo firewall-cmd --reload && \
sudo firewall-cmd --list-all

container 구성

docker-compose.yml

vi /opt/wireguard/docker-compose.yml

services:
 wireguard:
 image: linuxserver/wireguard:1.0.20210914
 container_name: wireguard
 networks:
 - dev
 ports:
 - 6****:6****/udp
 user: 0:0
 environment:
 - PUID=1000
 - PGID=1000
 - TZ=Asia/Seoul
 - PEERS=1
 - PEERDNS=auto
 - LOG_CONFS=false
 volumes:
 - /usr/src:/usr/src:ro
 - /lib/modules:/lib/modules:ro
 - /opt/wireguard/config/wg_confs/wg0.conf:/config/wg_confs/wg0.conf:ro
 - /opt/wireguard/config/coredns/Corefile:/config/coredns/Corefile:ro
 cap_add:
 - NET_ADMIN
 - SYS_MODULE
 sysctls:
 - net.ipv4.conf.all.src_valid_mark=1
 restart: unless-stopped
networks:
 dev:
 external: true

key 생성

docker exec -it wireguard /bin/sh && \
umask 077 && \
wg genkey | tee /etc/wireguard/server.key | wg pubkey > /etc/wireguard/server.pub && \
wg genkey | tee /etc/wireguard/client.key | wg pubkey > /etc/wireguard/client.pub && \
wg genpsk > /etc/wireguard/client.psk && \
cat /etc/wireguard/server.key && \
cat /etc/wireguard/server.pub && \
cat /etc/wireguard/client.key && \
cat /etc/wireguard/client.pub && \
cat /etc/wireguard/client.psk

wg0.conf

vi /opt/wireguard/config/wg_confs/wg0.conf

[Interface]
Address = 10.10.0.4/32
ListenPort = 6****
PrivateKey = +******************************************=
PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -A FORWARD -o %i -j ACCEPT; iptables -t nat -A POSTROUTING -o eth+ -j MASQUERADE
PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -D FORWARD -o %i -j ACCEPT; iptables -t nat -D POSTROUTING -o eth+ -j MASQUERADE

[Peer]
PublicKey = t******************************************=
PresharedKey = h******************************************=
AllowedIPs = 10.10.0.0/24
PersistentKeepalive = 25

Corefile

coredns healthcheck 비활성화

RHEL9 기타 구성

Sun, 07 Dec 2025 00:00:00 +0000

기타 구성

sshd_config

cat << EOF | sudo tee /etc/ssh/sshd_config.d/10-dev.conf
PasswordAuthentication no
PubkeyAuthentication yes

SyslogFacility AUTHPRIV
LogLevel INFO
EOF

sudo service sshd restart

swap

생성

sudo fallocate -l 4G /swapfile && \
sudo chmod 600 /swapfile && \
sudo mkswap /swapfile && \
sudo swapon /swapfile && \
sudo tee -a /etc/fstab <<EOF
UUID=23ff5ad2-345b-45a4-992d-71d4a1a99f9b / ext4 rw, discard, errors=remount-ro, x-systemd.growfs, noatime, nodiratime 0 1
UUID=5D92-027D /boot/efi vfat defaults 0 0
/swapfile swap swap defaults 0 0
EOF

sudo mount -a

변경

infra on 대충어쩌고저쩌고샬라샬라

개발환경

winmerge

License

References

winscp

License

References

code-server

container 구성

.env

docker-compose.yml 1

공통 구성

doublecmd

windows 구성

개요

다운로드

gitbash로 설치

License

References

klogg

windows 구성

개요

다운로드

gitbash로 설치

License

References

putty

windows 구성

개요

다운로드

gitbash로 설치

License

dbeaver

License

Troubleshooting

github

key 구성

ssh

PoorMansTSqlFormatter

windows 구성

개요

dbeaver

command options

License

keepass openwrt sftp 구성

openwrt 구성

포트 개방

계정 추가

dropbear

패키지 설치

ddns

db 권한

windows 구성

KeePass.config.xml

postgresql

host 구성

사설 인증서로 외부 접속 개방

디스크 mount

proxmox 기타 구성

proxmox 기타

local-lvm 삭제

node 이름 변경

no-subscription

구독 팝업 삭제

microcode 패치

repo, subscription nag 비활성화

use tablet for pointer 비활성화

절전 공통

powertop

aspm

aspm.py 1

samba

host 구성

설치

포트 개방

selinux

smb.conf

wsdd

암호, 권한 구성

docker-compose.yml ¹

aspm.py ¹

패키지 설치 ¹

crond ² ³

crond ¹