Merge branch 'master' of github.com:HON95/wiki

cloud/google-workspace.md

@@ -0,0 +1,42 @@
+---
+title: Google Workspace
+breadcrumbs:
+- title: Cloud
+---
+{% include header.md %}
+
+## Stuff to Remember
+
+Basic stuff to remember to set up for workspaces for personal accounts or tiny businesses.
+
+### Directory
+
+- Add groups for various mail lists:
+    - Special groups (for all domains): abuse@domain, postmaster@domain
+
+### Apps
+
+- Calendar:
+    - Adjust sharing settings, both under "sharing settings" and "general settings".
+- Drive and Docs:
+    - Adjust sharing settings.
+    - Disable Drive for Desktop?
+- Gmail:
+    - Setup a catch-all default routing rule: All recipients, add "X-GM" headers, "perform this action only on non-recognized addresses". Add a recipient with "change envelope recipient" to the address it should go to (e.g. "[email protected]"), "suppress bounces from this recipient", add headers (again), prepend custom subject (e.g. "[Catch-All]"). Remember to add the recipient address as an alias to a user or group.
+    - Setup mail authentication (DKIM). Copy the record to DNS. (Make sure DMARC and SPF is configured too.)
+
+### Security
+
+- 2-step verification: Enable 2FA enforcement?
+- Account recovery: Enable account recovery for superadmin and non-admin user accounts?
+
+### Account
+
+- Admin roles
+    - Add extra admin users?
+- Domains:
+    - Add a primary domain and optional secondary domains.
+    - Configure DNS to both receive and send mail from all domains (as part of the wizard to add them).
+    - Add SPF and DKIM DNS records for the domains. Make sure the DMARC DNS record is set up properly too.
+- Branding:
+    - Add a personalization logo. PNG/GIF, 320x132, max 30kB.

computers/dell-poweredge.md

@@ -26,7 +26,7 @@ There are lots of ways to upgrade the firmware, but most are painful and typical
 1. Select local drive, select the USB drive and enter the filename on the drive.
 1. Success (maybe).
 
-### G12 and higher
+### G12 and Later
 
 Update through iDRAC 7 using HTTP site `downloads.dell.com`.
 
@@ -89,17 +89,31 @@ For max performance, use two dual-rank 1333MHz DIMMS in slots 1 and 2 for all ch
 
 - C-states and C1E: May significantly reduce power usage when idle.
 
-## Loudness
+## Fans
 
 Mostly based on empirical evidence.
 
 - Generally, the servers will attempt to adapt the fan speed to whatever hardware is used. To make is more silent, try to remove hardware you don't need.
 - The number of DIMMs doesn't seem to affect the fan speed.
 - For the R720, using 1600MHz DIMMs makes the server much louder than 1333MHz DIMMs.
 - For the R620 and R720, using a 10G SFP+ NIC module makes it louder than using a 1G copper module.
-- For the R320, using hard drives in the bays makes it much louder.
+- For the R320, using hard drives (non-Dell?) in the bays makes it much louder.
 
-## Theory
+### Disable 3rd-party Device Fan Response (G13 and later?)
+
+- This feature causes the fans to spin a bit faster when using 3rd-party PCIe devices, HDDs etc. It's annoying for homelabs. It can be disabled using IPMI.
+- Check status: `ipmitool -I lanplus -H <IPADDRESS> -U <USERNAME> -P <PASSWORD> raw 0x30 0xce 0x01 0x16 0x05 0x00 0x00 0x00` (`... 01 00 00` means disabled)
+- Enable fan response (default): `ipmitool -I lanplus -H <IPADDRESS> -U <USERNAME> -P <PASSWORD> raw 0x30 0xce 0x00 0x16 0x05 0x00 0x00 0x00 0x05 0x00 0x00 0x00 0x00`
+- Disable fan response (quiet): `ipmitool -I lanplus -H <IPADDRESS> -U <USERNAME> -P <PASSWORD> raw 0x30 0xce 0x00 0x16 0x05 0x00 0x00 0x00 0x05 0x00 0x01 0x00 0x00`
+
+## GPUs
+
+### GPGPUs in R730
+
+- Mounting GPUs requires GPU risers with power outlets (EPS-12V) and fan shroud with GPU airflow openings.
+- Certain GPGPUs like K80, M40, M60, P100, V100 uses EPS-12V inlets instead of PCIe inlets like normal GPUs. This requires a special EPS-12V GPU cable and not one that converts the pinout to PCIe. This cable also needs to be mounted the correct way to avoid short-circuiting and probably melting/burning the cable. If your cable has the black wires on the "clip side" of the connector, it's probably a PCIe pinout and won't work. The end with all-yellows on one side of the connector and all-blacks on the other side goes into the GPU, while the connector with one black on the yellow side goes into the riser.
+
+## Miscellanea
 
 ### Model Name Convention
 

index.md

@@ -22,6 +22,7 @@ Random collection of config notes and Miscellanea. _Technically not a wiki._
 - [AWS](/cloud/aws/)
 - [Azure](/cloud/azure/)
 - [Cloudflare](/cloud/cloudflare/)
+- [Google Workspace](/cloud/google-workspace/)
 
 ## Computers
 

linux-servers/debian.md

@@ -5,7 +5,7 @@ breadcrumbs:
 ---
 {% include header.md %}
 
-Using **Debian 11 (Bullseye)**.
+Using **Debian 12 (Bookworm)**.
 
 ## Basic Setup
 
@@ -14,8 +14,8 @@ Using **Debian 11 (Bullseye)**.
 - Always verify the downloaded installation image after downloading it.
 - If installing in a Proxmox VE VM, see [Proxmox VE: VMs: Initial Setup](/virt/proxmox-ve/#initial-setup).
 - Prefer UEFI if possible.
-- Use the non-graphical installer. It's basically the same as the graphical one.
-- If it asks to install non-free firmware, take note of the packages so they can be installed later.
+- Use the non-graphical installer. It's basically exactly the same as the graphical one.
+- If it mentions missing non-free firmware, take note of the packages so they can be installed later.
 - Localization:
     - For automation-managed systems: It doesn't matter.
     - Language: United States English.
@@ -34,27 +34,32 @@ Using **Debian 11 (Bullseye)**.
 - System disk partitioning:
     - Simple system: Guided, single partition, use all available space.
     - Advanced system: Manually partition, see [system storage](/linux-servers/storage/#system-storage).
-    - Swap can be set up later as a file or LVM volume.
+    - Swap can be set up later as a file or LVM volume. It isn't really that useful anymore.
     - When using LVM: Create the partition for the volume group, configure LVM (separate menu), configure the LVM volumes (filesystem and mount).
 - Package manager:
     - Just pick whatever it suggests.
 - Software selection:
-    - Select only "SSH server" and "standard system utilities".
-- GRUB bootloader:
+    - Just "SSH server", so e.g. Ansible can reach it.
+- GRUB bootloader (no longer asked):
     - Install to the suggested root disk (e.g. `/dev/sda`).
 
-### Prepare for Ansible Configuration
+### Prepare for Ansible Configuration (if Ansible)
 
 Do this if you're going to use Ansible to manage the system.
 This is mainly to make the system accessible by Ansible, which can then take over the configuration.
 If creating a template VM, run the first instructions before saving the template and then run the last instructions on cloned VMs.
 
 1. Upgrade all packages: `apt update && apt full-upgrade`
-1. If running in a QEMU VM (e.g. in Proxmox), install the agent: `apt install qemu-guest-agent`
-1. Setup sudo for the automation user: `apt install sudo && usermod -aG sudo ansible`
-1. (Optional) Convert the VM into a template and clone it into a new VM to be used hereafter.
-1. Update the IP addresses in `/etc/network/interfaces` (see the example below).
-1. Update the DNS server(s) in `/etc/resolv.conf`: `nameserver 1.1.1.1`
+    1. If anything significant was updated, restart the server.
+1. Install the required packages: `apt install openssh-server sudo python3 vim`
+    - If PVE/QEMU VM, install `qemu-guest-agent`.
+1. Setup sudo for Ansible: `usermod -aG sudo ansible`
+1. (Optional, for PVE VMs) Convert the VM into a template:
+    1. Shut down the VM.
+    1. Change to a template.
+    1. Clone it into a new VM to be used hereafter.
+    1. Boot the new VM and continue with the setup.
+1. (Optional, for non-cloud) Set static IP addresses in `/etc/network/interfaces` (see the example below).
 1. Reboot.
 
 Example `/etc/network/interfaces`:
@@ -75,7 +80,7 @@ iface ens18 inet6 static
     accept_ra 0
 ```
 
-### Manual Configuration
+### Manual Configuration (if not Ansible)
 
 The first steps (`(Skip)`) may be skipped if already configured during installation (i.e. not cloning a template VM).
 

networking/cisco-sda.md

@@ -19,6 +19,10 @@ breadcrumbs:
 
 ## Useful Commands
 
+### Multicast (Native Mode)
+
+- Show overlay to underlay group mapping: `show ip multicast overlay-mapping lisp <group> <?> interface LISP0.<IID>`
+
 ### Wireless
 
 - Show AP tunnels for edge: `show access-tunnel summary`
@@ -64,11 +68,12 @@ breadcrumbs:
 - Multicast:
     - For IPv4, it supports head-end replication and native multicast.
     - For IPv6, it only supports head-end replication. (TODO: Does enabling native multicast for a site kill IPv6 multicast or will it continue to use head-end replication?)
-    - *Head-end replication* runs completely in the overlay and makes edge devices duplicate multicast streams into unicast streams to each edge device with subscribers. This causes increased overhead.
-    - *Native multicast* tunnels multicast streams inside underlay multicast packets and avoids head-end replication.
+    - *Head-end replication* runs completely in the overlay and makes edge devices duplicate multicast streams into unicast streams to each edge device with subscribers. This causes increased overhead. It supports at most 1000 groups (configurable?). This mode is not recommended after native multicast became available.
+    - *Native multicast* tunnels multicast streams inside underlay multicast packets and avoids head-end replication. It maps overlay multicast groups into 1000 underlay SSS groups (configurable-ish).
     - Supports sources both inside and outside the fabric.
     - Protocol Independent Multicast (PIM) with both any-source multicast (ASM) and any-source multicast (ASM) is supported in both the underlay and overlay.
     - For details around rendezvous points (RPs) and stuff, see the design guide.
+    - Multicast over Pub/Sub SDA transit is supported starting with DNCA 2.3.5 and IOS XE 17.10 (LISP/BGP SDA transit is not supported).
 - Layer 2 flooding:
     - Traffic that is normally flooded in traditionally networks, like ARP, is often handled differently and more efficiently in overlay technologies like SDA.
     - Certain applications and protocols requires layer 2 flooding to work. To address this, *layer 2 flooding* may be enabled for a VN/site (if really needed).
@@ -78,7 +83,7 @@ breadcrumbs:
         - Certain building management systems.
         - ???
     - This will reduce scalability of the VN/site, so it should only be used for /24 subnets and smaller.
-    - The L2 flooding is mapped to a dedicated multicast group in the underlay, using PIM-ASM. All edge nodes active for the VN must listen to this group.
+    - The L2 flooding is mapped to a dedicated multicast group in the underlay (239.0.17.1), using PIM ASM. All edge nodes active for the VN must listen to this group.
 - ARP:
     - When a client sends an ARP request, the edge looks up the RLOC/address for the edge the target resides at and then the ARP is unicasted to that edge.
 - DHCP relays:
@@ -90,6 +95,20 @@ breadcrumbs:
     - **TODO**
     - https://www.cisco.com/c/en/us/solutions/collateral/enterprise-networks/sd-access-wired-wireless-dg.html
     - https://www.cisco.com/c/en/us/td/docs/cloud-systems-management/network-automation-and-management/dna-center/1-3-1-0/user_guide/cisco_dna_service_for_bonjour/b_cisco-dna-service-for-bonjour_user_guide_2-1-2/m_deploying-wide-area-bonjour-for-cisco-sd-access-network.html
+- VLAN ID numbering (*outdated*):
+    - VLAN 1024-: Client-facing VLANs with anycast SVIs
+    - 2045: AP
+    - 2046: Voice
+    - 2047: Critical
+    - 3001-3500: Border uplinks (transit/peer)
+- LISP instance ID numbering:
+    - 4000 series: VNs (L3)
+    - 8000 series: VLANs (L2)
+- Loopback numbering:
+    - 0: Underlay loopback
+    - 1000 series: Anycast gateway loopbacks (borders) (same numbers as VLANs/SVIs on edges)
+    - 4000 series: Multicast loopback by LISP-instance (if multicast enabled for VN) (all nodes)
+    - 60000: Anycast-RP loopback (used by L2-flooding) (on RPs only)
 
 ### Locator ID Separation Protocol (LISP)
 

networking/multicast.md

@@ -43,19 +43,25 @@ See the [IPv4](/networking/ipv4/) and [IPv6](/networking/ipv6/) pages.
 
 #### Operational Commands
 
-- Routing:
-    - Show mcast routing table: `show {ip|ipv6} mroute [group]`
+- "Routing" (mostly PIM):
+    - Show active groups: `show {ip|ipv6} [vrf <vrf>] mroute [group] [{verbose|count}]`
+    - Show RPF interface/destination: `show ip rpf [vrf <vrf>] <address>` (source or RP)
+- PIM:
+    - Show interfaces: `show ip pim interface brief`
+    - Show neighbors: `show ip pim neighbor`
 - IGMP (IPv4):
     - Show active groups: `show ip igmp groups`
     - Show routed interface info: `show ip igmp interface <interface>`
-- IGMP snooping (IPv4):
-    - Show basic info: `show ip igmp snooping`
-    - Show mrouter interfaces: `show ip igmp snooping mrouter`
-    - Show groups interfaces: `show ip igmp snooping groups`
 - MLD (IPv6):
     - Show routed interface info: `show ipv6 mld interface <interface>`
     - Show active groups (summary): `show ipv6 mld groups summary`
     - Show active groups (detail): `show ipv6 mld groups [group-address] [interface <interface>] [detail]`
+- IGMP snooping (IPv4):
+    - Show basic info: `show ip igmp snooping`
+    - Show mrouter interfaces: `show ip igmp snooping mrouter`
+    - Show groups interfaces: `show ip igmp snooping groups`
+- MLD snooping (IPv6):
+    - **TODO**
 
 #### Configuration
 

personal-devices/applications.md

@@ -438,14 +438,16 @@ Note: Since Steam requires 32-bit (i386) variants of certain NVIDIA packages, an
 
 ## ZSH (Linux)
 
-This is my ZSH setup preference, using Oh-My-ZSH with the Powerlevel10k theme and some recommended font.
+This is my ZSH setup preference, using Oh-My-ZSH (warning: bloat) with the Powerlevel10k theme and some recommended font.
 
 1. Install ZSH:
-    1. `apt install zsh`
+    - Ubuntu: `apt install zsh`
+    - Arch: `pacman -S zsh`
 1. Install Oh-My-ZSH:
     1. See [ohmyz.sh](https://ohmyz.sh/).
     1. When it asks, set it as your default shell. This won't take effect until the next login.
 1. Setup fonts:
+    1. (Arch) See the Arch setup notes instead.
     1. Download and install the suggested fonts (MesloLGS NF): [Fonts (powerlevel10k)](https://github.com/romkatv/powerlevel10k#fonts)
         - For manual installation, move the `.ttf` files to `/usr/share/fonts/TTF/`.
         - For KDE Plasma, download and open with the font installer.