model
G |S |C = Customized |T = Tailored |
  |server | |edge |
What When Where Who (iRoles)

i=institutions
nw l7 Customized
* i-goodg (480, 212)
| STANDARDS ^ [ DISCRETE - Counting ] [ CONTINUOUS - Measuring ]
* i-ncbc
| ^ sl1 (SaaS) (Continuous Consumption)
| ^ sl2b, sl2c (SaaS) (Continuous Delivery) Educate/Train
| ^ sl3h (SaaS, PaaS) (Continuous Support) Tech Support
| ^ sl4o (PaaS, IaaS) (Continuous Sustainment) Operate
| ^ sl5e (IaaS) (Continuous Optimization) Engineer
| ^ sl6a (Continuous Improvement) Architect
| sl7g >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> (Continuous Alignment) Governance
* i-minenterprise (IT SOLUTION DELIVERY, Architecture, Engineering, Operations) MINE
* i-kaliber (203)
* i-playsometv (480)
* i-halleweb (480)
* i-ncbc (480)

t=technology
iRole, Host, VM, NW,
* t-0a3 (env variables) sl5e, host (h#), server (a3)IP,Time,repo dns, url, gateway, cidr, time, rp)
* t-0d12 (env variables)
* t-0n25 (env variables)

Who - iRoles
sl1 = support layer 1 (Self Service)
sl2 = support layer 2 (Business ^/ Call Center v
sl3 = support layer 3 (Call Center / Helpdesk)
sl4 = support layer 4 (Adminops)
sl5 = support layer 5 (Engineering)
sl6 = support layer 6 (Architecture)
sl7 = support layer 7 (Governance)

G |S |C = Customized |T = Tailored
What When Where Who
org |goodg |mine |ncbc |web (sl1 )

-----------------
FIDO2 Slot Requirement
1. Call Sign
2. PIN

ssh-keygen -t ed25519-sk -O resident -O verify-required -f /home/user/.ssh/id_my_example_1sk
ssh-copy-id -i /home/user/.ssh/id_my_example_1sk.pub -o IdentitiesOnly=yes user@192.168.122.96
ssh -i /home/user/.ssh/id_my_example_1sk -o IdentitiesOnly=yes user@192.168.122.96

# USE THIS
ssh-copy-id -i ~/.ssh/id_king_midas_1sk.pub user@192.168.122.2
ssh -i ~/.ssh/id_king_midas_1sk user@192.168.122.2

Curve   | Private Key | Signature | Security Level
ed25519 | 32 bytes    | 64 bytes  | 128-bit
ed448   | 57 bytes    | 114 bytes | 224-bit

-----------------
Run a Linux Command in the Background

To run a command in the background, add the ampersand symbol (&) at the end of the command:

command &

-----------------
on debian

apt install iptables-persistent
# append the rule (-A)
iptables -A OUTPUT -p udp --dport 51820 -j ACCEPT
# delete the same rule (-D)
iptables -D OUTPUT -p udp --dport 51820 -j ACCEPT
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
iptables -I OUTPUT -p udp --dport 51820 -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
sh -c '/sbin/iptables-save > /etc/iptables/rules.v4'

# Check port on host
# check tcp port
nc -zv 147.189.168.212 51820
# Check UDP port
nc -zv -u 147.189.168.212 51820

Example: rsync
rsync -Pav -e "ssh -i /home/user/.ssh/id_red_penguin" root@red-penguin-60185.zap.cloud:/mnt/mine/containerdata/dlrepo /mnt/mine/data/zap1
rsync -Pav -e "ssh -i /home/user/.ssh/id_red_penguin" root@red-penguin-60185.zap.cloud:/etc/caddy/Caddyfile /mnt/mine/data/zap1/Caddyfile

Proxmox
# Remove Cluster
systemctl stop pve-cluster corosync
pmxcfs -l
rm -rf /etc/corosync/*
rm -rf /etc/pve/corosync.conf
killall pmxcfs
systemctl start pve-cluster

# Path to logo
/usr/share/pve-manager/images/proxmox_logo.png

# compress pdf (ghostscript must be installed. Change configuration.nix)
PATTERN: ps2pdf -dPDFSETTINGS=/ebook input.pdf output.pdf
EXAMPLE: ps2pdf -dPDFSETTINGS=/ebook ncbc-bulletin-2025.09.25.pdf ncbc-bulletin-2025.09.25v4.pdf

# mount fstab virtiofs
synergy /home/user/synergy virtiofs rw,relatime 0 0

##############################
troubleshooting newt
1. network reachability
nslookup from newt
# From the newt container, test UDP connectivity to the pangolin server endpoint
nc -vzu 172.203.233.162 51820

###############################
Approach: Split DNS over Pure NAT
Disable Reflection for port forwards & Automatic outbound NAT for Reflection
Firewall > Settings > Advanced >
[ ] Reflection for port forward (uncheck)
[ ] Automatic outbound NAT for Reflection (uncheck)

###############################
Debian Set Time / Proxmox Shell:
date --set "YYYY-MM-DD HH:MM:SS"
and then
hwclock --systohc
to update hardware clock