User:Acmeraptor: Difference between revisions

hopp-rsk-ddt01 Test log and notes

https://community-scripts.github.io/ProxmoxVE/scripts?id=post-pve-install&ategory=Proxmox+%26+Virtualization download non-enterprise proxmox updates

bash -c "$(curl -fsSL https://raw.githubusercontent.com/community-scripts/ProxmoxVE/main/tools/pve/post-pve-install.sh)"

pve script

1. !/usr/bin/env bash

1. Copyright (c) 2021-2025 tteck
2. Author: tteckster | MickLesk (CanbiZ)
3. License: MIT
4. https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE

header_info() {

 clear
 cat <<"EOF"
   ____ _    ________   ____             __     ____           __        ____
  / __ \ |  / / ____/  / __ \____  _____/ /_   /  _/___  _____/ /_____ _/ / /
 / /_/ / | / / __/    / /_/ / __ \/ ___/ __/   / // __ \/ ___/ __/ __ `/ / /
/ ____/| |/ / /___   / ____/ /_/ (__  ) /_   _/ // / / (__  ) /_/ /_/ / / /

/_/ |___/_____/ /_/ \____/____/\__/ /___/_/ /_/____/\__/\__,_/_/_/

EOF }

RD=$(echo "\033[01;31m") YW=$(echo "\033[33m") GN=$(echo "\033[1;92m") CL=$(echo "\033[m") BFR="\\r\\033[K" HOLD="-" CM="${GN}✓${CL}" CROSS="${RD}✗${CL}"

set -euo pipefail shopt -s inherit_errexit nullglob

msg_info() {

 local msg="$1"
 echo -ne " ${HOLD} ${YW}${msg}..."

}

msg_ok() {

 local msg="$1"
 echo -e "${BFR} ${CM} ${GN}${msg}${CL}"

}

msg_error() {

 local msg="$1"
 echo -e "${BFR} ${CROSS} ${RD}${msg}${CL}"

}

get_pve_version() {

 local pve_ver
 pve_ver="$(pveversion | awk -F'/' '{print $2}' | awk -F'-' '{print $1}')"
 echo "$pve_ver"

}

get_pve_major_minor() {

 local ver="$1"
 local major minor
 IFS='.' read -r major minor _ <<<"$ver"
 echo "$major $minor"

}

component_exists_in_sources() {

 local component="$1"
 grep -h -E "^[^#]*Components:[^#]*\b${component}\b" /etc/apt/sources.list.d/*.sources 2>/dev/null | grep -q .

}

main() {

 header_info
 echo -e "\nThis script will Perform Post Install Routines.\n"
 while true; do
   read -p "Start the Proxmox VE Post Install Script (y/n)? " yn
   case $yn in
   [Yy]*) break ;;
   [Nn]*)
     clear
     exit
     ;;
   *) echo "Please answer yes or no." ;;
   esac
 done

 local PVE_VERSION PVE_MAJOR PVE_MINOR
 PVE_VERSION="$(get_pve_version)"
 read -r PVE_MAJOR PVE_MINOR <<<"$(get_pve_major_minor "$PVE_VERSION")"

 if "$PVE_MAJOR" == "8" ; then
   if ((PVE_MINOR < 0 || PVE_MINOR > 9)); then
     msg_error "Unsupported Proxmox 8 version"
     exit 1
   fi
   start_routines_8
 elif "$PVE_MAJOR" == "9" ; then
   if ((PVE_MINOR < 0 || PVE_MINOR > 1)); then
     msg_error "Only Proxmox 9.0-9.1.x is currently supported"
     exit 1
   fi
   start_routines_9
 else
   msg_error "Unsupported Proxmox VE major version: $PVE_MAJOR"
   echo -e "Supported: 8.0–8.9.x and 9.0–9.1.x"
   exit 1
 fi

}

start_routines_8() {

 header_info

 # === Bookworm/8.x: .list-Files ===
 CHOICE=$(whiptail --backtitle "Proxmox VE Helper Scripts" --title "SOURCES" --menu "The package manager will use the correct sources to update and install packages on your Proxmox VE server.\n \nCorrect Proxmox VE sources?" 14 58 2 \
   "yes" " " \
   "no" " " 3>&2 2>&1 1>&3)
 case $CHOICE in
 yes)
   msg_info "Correcting Proxmox VE Sources"
   cat <<EOF >/etc/apt/sources.list

deb http://deb.debian.org/debian bookworm main contrib deb http://deb.debian.org/debian bookworm-updates main contrib deb http://security.debian.org/debian-security bookworm-security main contrib EOF

   echo 'APT::Get::Update::SourceListWarnings::NonFreeFirmware "false";' >/etc/apt/apt.conf.d/no-bookworm-firmware.conf
   msg_ok "Corrected Proxmox VE Sources"
   ;;
 no) msg_error "Selected no to Correcting Proxmox VE Sources" ;;
 esac

 CHOICE=$(whiptail --backtitle "Proxmox VE Helper Scripts" --title "PVE-ENTERPRISE" --menu "The 'pve-enterprise' repository is only available to users who have purchased a Proxmox VE subscription.\n \nDisable 'pve-enterprise' repository?" 14 58 2 \
   "yes" " " \
   "no" " " 3>&2 2>&1 1>&3)
 case $CHOICE in
 yes)
   msg_info "Disabling 'pve-enterprise' repository"
   cat <<EOF >/etc/apt/sources.list.d/pve-enterprise.list

1. deb https://enterprise.proxmox.com/debian/pve bookworm pve-enterprise

EOF

   msg_ok "Disabled 'pve-enterprise' repository"
   ;;
 no) msg_error "Selected no to Disabling 'pve-enterprise' repository" ;;
 esac

 CHOICE=$(whiptail --backtitle "Proxmox VE Helper Scripts" --title "PVE-NO-SUBSCRIPTION" --menu "The 'pve-no-subscription' repository provides access to all of the open-source components of Proxmox VE.\n \nEnable 'pve-no-subscription' repository?" 14 58 2 \
   "yes" " " \
   "no" " " 3>&2 2>&1 1>&3)
 case $CHOICE in
 yes)
   msg_info "Enabling 'pve-no-subscription' repository"
   cat <<EOF >/etc/apt/sources.list.d/pve-install-repo.list

deb http://download.proxmox.com/debian/pve bookworm pve-no-subscription EOF

   msg_ok "Enabled 'pve-no-subscription' repository"
   ;;
 no) msg_error "Selected no to Enabling 'pve-no-subscription' repository" ;;
 esac

 CHOICE=$(whiptail --backtitle "Proxmox VE Helper Scripts" --title "CEPH PACKAGE REPOSITORIES" --menu "The 'Ceph Package Repositories' provides access to both the 'no-subscription' and 'enterprise' repositories (initially disabled).\n \nCorrect 'ceph package sources?" 14 58 2 \
   "yes" " " \
   "no" " " 3>&2 2>&1 1>&3)
 case $CHOICE in
 yes)
   msg_info "Correcting 'ceph package repositories'"
   cat <<EOF >/etc/apt/sources.list.d/ceph.list

1. deb https://enterprise.proxmox.com/debian/ceph-quincy bookworm enterprise
2. deb http://download.proxmox.com/debian/ceph-quincy bookworm no-subscription
3. deb https://enterprise.proxmox.com/debian/ceph-reef bookworm enterprise
4. deb http://download.proxmox.com/debian/ceph-reef bookworm no-subscription

EOF

   msg_ok "Corrected 'ceph package repositories'"
   ;;
 no) msg_error "Selected no to Correcting 'ceph package repositories'" ;;
 esac

 CHOICE=$(whiptail --backtitle "Proxmox VE Helper Scripts" --title "PVETEST" --menu "The 'pvetest' repository can give advanced users access to new features and updates before they are officially released.\n \nAdd (Disabled) 'pvetest' repository?" 14 58 2 \
   "yes" " " \
   "no" " " 3>&2 2>&1 1>&3)
 case $CHOICE in
 yes)
   msg_info "Adding 'pvetest' repository and set disabled"
   cat <<EOF >/etc/apt/sources.list.d/pvetest-for-beta.list

1. deb http://download.proxmox.com/debian/pve bookworm pvetest

EOF

   msg_ok "Added 'pvetest' repository"
   ;;
 no) msg_error "Selected no to Adding 'pvetest' repository" ;;
 esac

 post_routines_common

}

start_routines_9() {

 header_info

 # check if deb822 Sources (*.sources) exist
 if find /etc/apt/sources.list.d/ -maxdepth 1 -name '*.sources' | grep -q .; then
   whiptail --backtitle "Proxmox VE Helper Scripts" --title "Deb822 sources detected" \
     --msgbox "Modern deb822 sources (*.sources) already exist.\n\nNo changes to sources format required.\n\nYou may still have legacy sources.list or .list files, which you can disable in the next step." 12 65 || true
 else
   check_and_disable_legacy_sources() {
     local LEGACY_COUNT=0
     local listfile="/etc/apt/sources.list"

     # Check sources.list
     if -f "$listfile"  && grep -qE '^\s*deb ' "$listfile"; then
       ((++LEGACY_COUNT))
     fi

     # Check .list files
     local list_files
     list_files=$(find /etc/apt/sources.list.d/ -type f -name "*.list" 2>/dev/null)
     if -n "$list_files" ; then
       LEGACY_COUNT=$((LEGACY_COUNT + $(echo "$list_files" | wc -l)))
     fi

     if ((LEGACY_COUNT > 0)); then
       # Show summary to user
       local MSG="Legacy APT sources found:\n"
       -f "$listfile"  && MSG+=" - /etc/apt/sources.list\n"
       -n "$list_files"  && MSG+="$(echo "$list_files" | sed 's|^| - |')\n"
       MSG+="\nDo you want to disable (comment out/rename) all legacy sources and use ONLY deb822 .sources format?\n\nRecommended for Proxmox VE 9."

       whiptail --backtitle "Proxmox VE Helper Scripts" --title "Disable legacy sources?" \
         --yesno "$MSG" 18 80
       if $? -eq 0 ; then
         # Backup and disable sources.list
         if -f "$listfile"  && grep -qE '^\s*deb ' "$listfile"; then
           cp "$listfile" "$listfile.bak"
           sed -i '/^\s*deb /s/^/# Disabled by Proxmox Helper Script /' "$listfile"
           msg_ok "Disabled entries in sources.list (backup: sources.list.bak)"
         fi
         # Rename all .list files to .list.bak
         if -n "$list_files" ; then
           while IFS= read -r f; do
             mv "$f" "$f.bak"
           done <<<"$list_files"
           msg_ok "Renamed legacy .list files to .bak"
         fi
       else
         msg_error "Kept legacy sources as-is (may cause APT warnings)"
       fi
     fi
   }

   check_and_disable_legacy_sources
   # === Trixie/9.x: deb822 .sources ===
   CHOICE=$(whiptail --backtitle "Proxmox VE Helper Scripts" --title "SOURCES" --menu \
     "The package manager will use the correct sources to update and install packages on your Proxmox VE 9 server.\n\nMigrate to deb822 sources format?" 14 58 2 \
     "yes" " " \
     "no" " " 3>&2 2>&1 1>&3)
   case $CHOICE in
   yes)
     msg_info "Correcting Proxmox VE Sources (deb822)"
     # remove all existing .list files
     rm -f /etc/apt/sources.list.d/*.list
     # remove bookworm and proxmox entries from sources.list
     sed -i '/proxmox/d;/bookworm/d' /etc/apt/sources.list || true
     # Create new deb822 sources
     cat >/etc/apt/sources.list.d/debian.sources <<EOF

Types: deb URIs: http://deb.debian.org/debian Suites: trixie Components: main contrib Signed-By: /usr/share/keyrings/debian-archive-keyring.gpg

Types: deb URIs: http://security.debian.org/debian-security Suites: trixie-security Components: main contrib Signed-By: /usr/share/keyrings/debian-archive-keyring.gpg

Types: deb URIs: http://deb.debian.org/debian Suites: trixie-updates Components: main contrib Signed-By: /usr/share/keyrings/debian-archive-keyring.gpg EOF

     msg_ok "Corrected Proxmox VE 9 (Trixie) Sources"
     ;;
   no) msg_error "Selected no to Correcting Proxmox VE Sources" ;;
   esac
 fi

 # ---- PVE-ENTERPRISE ----
 if component_exists_in_sources "pve-enterprise"; then
   CHOICE=$(whiptail --backtitle "Proxmox VE Helper Scripts" \
     --title "PVE-ENTERPRISE" \
     --menu "'pve-enterprise' repository already exists.\n\nWhat do you want to do?" 14 58 2 \
     "keep" "Keep as is" \
     "disable" "Comment out (disable) this repo" \
     "delete" "Delete this repo file" \
     3>&2 2>&1 1>&3)
   case $CHOICE in
   keep)
     msg_ok "Kept 'pve-enterprise' repository"
     ;;
   disable)
     msg_info "Disabling 'pve-enterprise' repository"
     # Use Enabled: false instead of commenting to avoid malformed entry
     for file in /etc/apt/sources.list.d/*.sources; do
       if grep -q "Components:.*pve-enterprise" "$file"; then
         if grep -q "^Enabled:" "$file"; then
           sed -i 's/^Enabled:.*/Enabled: false/' "$file"
         else
           echo "Enabled: false" >>"$file"
         fi
       fi
     done
     msg_ok "Disabled 'pve-enterprise' repository"
     ;;
   delete)
     msg_info "Deleting 'pve-enterprise' repository file"
     for file in /etc/apt/sources.list.d/*.sources; do
       if grep -q "Components:.*pve-enterprise" "$file"; then
         rm -f "$file"
       fi
     done
     msg_ok "Deleted 'pve-enterprise' repository file"
     ;;
   esac
 else
   CHOICE=$(whiptail --backtitle "Proxmox VE Helper Scripts" \
     --title "PVE-ENTERPRISE" \
     --menu "The 'pve-enterprise' repository is only available to users who have purchased a Proxmox VE subscription.\n\nAdd 'pve-enterprise' repository (deb822)?" 14 58 2 \
     "no" " " \
     "yes" " " \
     --default-item "no" \
     3>&2 2>&1 1>&3)
   case $CHOICE in
   yes)
     msg_info "Adding 'pve-enterprise' repository (deb822)"
     cat >/etc/apt/sources.list.d/pve-enterprise.sources <<EOF

Types: deb URIs: https://enterprise.proxmox.com/debian/pve Suites: trixie Components: pve-enterprise Signed-By: /usr/share/keyrings/proxmox-archive-keyring.gpg EOF

     msg_ok "Added 'pve-enterprise' repository"
     ;;
   no) msg_error "Selected no to Adding 'pve-enterprise' repository" ;;
   esac
 fi

 # ---- CEPH-ENTERPRISE ----
 if grep -q "enterprise.proxmox.com.*ceph" /etc/apt/sources.list.d/*.sources 2>/dev/null; then
   CHOICE=$(whiptail --backtitle "Proxmox VE Helper Scripts" \
     --title "CEPH-ENTERPRISE" \
     --menu "'ceph enterprise' repository already exists.\n\nWhat do you want to do?" 14 58 2 \
     "keep" "Keep as is" \
     "disable" "Comment out (disable) this repo" \
     "delete" "Delete this repo file" \
     3>&2 2>&1 1>&3)
   case $CHOICE in
   keep)
     msg_ok "Kept 'ceph enterprise' repository"
     ;;
   disable)
     msg_info "Disabling 'ceph enterprise' repository"
     # Use Enabled: false instead of commenting to avoid malformed entry
     for file in /etc/apt/sources.list.d/*.sources; do
       if grep -q "enterprise.proxmox.com.*ceph" "$file"; then
         if grep -q "^Enabled:" "$file"; then
           sed -i 's/^Enabled:.*/Enabled: false/' "$file"
         else
           echo "Enabled: false" >>"$file"
         fi
       fi
     done
     msg_ok "Disabled 'ceph enterprise' repository"
     ;;
   delete)
     msg_info "Deleting 'ceph enterprise' repository file"
     for file in /etc/apt/sources.list.d/*.sources; do
       if grep -q "enterprise.proxmox.com.*ceph" "$file"; then
         rm -f "$file"
       fi
     done
     msg_ok "Deleted 'ceph enterprise' repository file"
     ;;
   esac
 fi

 # ---- PVE-NO-SUBSCRIPTION ----
 REPO_FILE=""
 REPO_ACTIVE=0
 REPO_COMMENTED=0
 for file in /etc/apt/sources.list.d/*.sources; do
   if grep -q "Components:.*pve-no-subscription" "$file"; then
     REPO_FILE="$file"
     if grep -E '^[^#]*Components:.*pve-no-subscription' "$file" >/dev/null; then
       REPO_ACTIVE=1
     elif grep -E '^#.*Components:.*pve-no-subscription' "$file" >/dev/null; then
       REPO_COMMENTED=1
     fi
     break
   fi
 done

 if "$REPO_ACTIVE" -eq 1 ; then
   CHOICE=$(whiptail --backtitle "Proxmox VE Helper Scripts" \
     --title "PVE-NO-SUBSCRIPTION" \
     --menu "'pve-no-subscription' repository is currently ENABLED.\n\nWhat do you want to do?" 14 58 3 \
     "keep" "Keep as is" \
     "disable" "Comment out (disable)" \
     "delete" "Delete repo file" \
     3>&2 2>&1 1>&3)
   case $CHOICE in
   keep)
     msg_ok "Kept 'pve-no-subscription' repository"
     ;;
   disable)
     msg_info "Disabling (commenting) 'pve-no-subscription' repository"
     sed -i '/^\s*Types:/,/^$/s/^\([^#].*\)$/# \1/' "$REPO_FILE"
     msg_ok "Disabled 'pve-no-subscription' repository"
     ;;
   delete)
     msg_info "Deleting 'pve-no-subscription' repository file"
     rm -f "$REPO_FILE"
     msg_ok "Deleted 'pve-no-subscription' repository file"
     ;;
   esac

 elif "$REPO_COMMENTED" -eq 1 ; then
   CHOICE=$(whiptail --backtitle "Proxmox VE Helper Scripts" \
     --title "PVE-NO-SUBSCRIPTION" \
     --menu "'pve-no-subscription' repository is currently DISABLED (commented out).\n\nWhat do you want to do?" 14 58 3 \
     "enable" "Uncomment (enable)" \
     "keep" "Keep disabled" \
     "delete" "Delete repo file" \
     3>&2 2>&1 1>&3)
   case $CHOICE in
   enable)
     msg_info "Enabling (uncommenting) 'pve-no-subscription' repository"
     sed -i '/^#\s*Types:/,/^$/s/^#\s*//' "$REPO_FILE"
     msg_ok "Enabled 'pve-no-subscription' repository"
     ;;
   keep)
     msg_ok "Kept 'pve-no-subscription' repository disabled"
     ;;
   delete)
     msg_info "Deleting 'pve-no-subscription' repository file"
     rm -f "$REPO_FILE"
     msg_ok "Deleted 'pve-no-subscription' repository file"
     ;;
   esac
 else
   CHOICE=$(whiptail --backtitle "Proxmox VE Helper Scripts" --title "PVE-NO-SUBSCRIPTION" \
     --menu "The 'pve-no-subscription' repository provides access to all of the open-source components of Proxmox VE.\n\nAdd 'pve-no-subscription' repository (deb822)?" 14 58 2 \
     "yes" " " \
     "no" " " 3>&2 2>&1 1>&3)
   case $CHOICE in
   yes)
     msg_info "Adding 'pve-no-subscription' repository (deb822)"
     cat >/etc/apt/sources.list.d/proxmox.sources <<EOF

Types: deb URIs: http://download.proxmox.com/debian/pve Suites: trixie Components: pve-no-subscription Signed-By: /usr/share/keyrings/proxmox-archive-keyring.gpg EOF

     msg_ok "Added 'pve-no-subscription' repository"
     ;;
   no) msg_error "Selected no to Adding 'pve-no-subscription' repository" ;;
   esac
 fi

 # ---- CEPH ----
 if component_exists_in_sources "no-subscription"; then
   msg_ok "'ceph' package repository (no-subscription) already exists (skipped)"
 else
   CHOICE=$(whiptail --backtitle "Proxmox VE Helper Scripts" --title "CEPH PACKAGE REPOSITORIES" \
     --menu "The 'Ceph Package Repositories' provides access to both the 'no-subscription' and 'enterprise' repositories (deb822).\n\nAdd 'ceph package sources?" 14 58 2 \
     "yes" " " \
     "no" " " 3>&2 2>&1 1>&3)
   case $CHOICE in
   yes)
     msg_info "Adding 'ceph package repositories' (deb822)"
     cat >/etc/apt/sources.list.d/ceph.sources <<EOF

Types: deb URIs: http://download.proxmox.com/debian/ceph-squid Suites: trixie Components: no-subscription Signed-By: /usr/share/keyrings/proxmox-archive-keyring.gpg EOF

     msg_ok "Added 'ceph package repositories'"
     ;;
   no)
     msg_error "Selected no to Adding 'ceph package repositories'"
     # Use Enabled: false for .sources files, comment for .list files
     for file in /etc/apt/sources.list.d/*.sources; do
       if grep -q "enterprise.proxmox.com.*ceph" "$file" 2>/dev/null; then
         if grep -q "^Enabled:" "$file"; then
           sed -i 's/^Enabled:.*/Enabled: false/' "$file"
         else
           echo "Enabled: false" >>"$file"
         fi
       fi
     done
     find /etc/apt/sources.list.d/ -type f -name "*.list" \
       -exec sed -i '/enterprise.proxmox.com.*ceph/s/^/# /' {} \;
     msg_ok "Disabled all Ceph Enterprise repositories"
     ;;
   esac
 fi

 # ---- PVETEST ----
 if component_exists_in_sources "pve-test"; then
   msg_ok "'pve-test' repository already exists (skipped)"
 else
   CHOICE=$(whiptail --backtitle "Proxmox VE Helper Scripts" --title "PVETEST" \
     --menu "The 'pve-test' repository can give advanced users access to new features and updates before they are officially released.\n\nAdd (Disabled) 'pvetest' repository (deb822)?" 14 58 2 \
     "yes" " " \
     "no" " " 3>&2 2>&1 1>&3)
   case $CHOICE in
   yes)
     msg_info "Adding 'pve-test' repository (deb822, disabled)"
     cat >/etc/apt/sources.list.d/pve-test.sources <<EOF

Types: deb URIs: http://download.proxmox.com/debian/pve Suites: trixie Components: pve-test Signed-By: /usr/share/keyrings/proxmox-archive-keyring.gpg Enabled: false EOF

     msg_ok "Added 'pve-test' repository"
     ;;
   no) msg_error "Selected no to Adding 'pvetest' repository" ;;
   esac
 fi

 post_routines_common

}

post_routines_common() {

 CHOICE=$(whiptail --backtitle "Proxmox VE Helper Scripts" --title "SUBSCRIPTION NAG" --menu "This will disable the nag message reminding you to purchase a subscription every time you log in to the web interface.\n \nDisable subscription nag?" 14 58 2 \
   "yes" " " \
   "no" " " 3>&2 2>&1 1>&3)
 case $CHOICE in
 yes)
   whiptail --backtitle "Proxmox VE Helper Scripts" --msgbox --title "Support Subscriptions" "Supporting the software's development team is essential. Check their official website's Support Subscriptions for pricing. Without their dedicated work, we wouldn't have this exceptional software." 10 58
   msg_info "Disabling subscription nag"
   # Create external script, this is needed because DPkg::Post-Invoke is fidly with quote interpretation
   mkdir -p /usr/local/bin
   cat >/usr/local/bin/pve-remove-nag.sh <<'EOF'

1. !/bin/sh

WEB_JS=/usr/share/javascript/proxmox-widget-toolkit/proxmoxlib.js if [ -s "$WEB_JS" ] && ! grep -q NoMoreNagging "$WEB_JS"; then

   echo "Patching Web UI nag..."
   sed -i -e "/data\.status/ s/!//" -e "/data\.status/ s/active/NoMoreNagging/" "$WEB_JS"

fi

MOBILE_TPL=/usr/share/pve-yew-mobile-gui/index.html.tpl MARKER="" if [ -f "$MOBILE_TPL" ] && ! grep -q "$MARKER" "$MOBILE_TPL"; then

   echo "Patching Mobile UI nag..."
   printf "%s\n" \
     "$MARKER" \
     "<script>" \
     "  function removeSubscriptionElements() {" \
     "    // --- Remove subscription dialogs ---" \
     "    const dialogs = document.querySelectorAll('dialog.pwt-outer-dialog');" \
     "    dialogs.forEach(dialog => {" \
     "      const text = (dialog.textContent || ).toLowerCase();" \
     "      if (text.includes('subscription')) {" \
     "        dialog.remove();" \
     "        console.log('Removed subscription dialog');" \
     "      }" \
     "    });" \
     "" \
     "    // --- Remove subscription cards, but keep Reboot/Shutdown/Console ---" \
     "    const cards = document.querySelectorAll('.pwt-card.pwt-p-2.pwt-d-flex.pwt-interactive.pwt-justify-content-center');" \
     "    cards.forEach(card => {" \
     "      const text = (card.textContent || ).toLowerCase();" \
     "      const hasButton = card.querySelector('button');" \
     "      if (!hasButton && text.includes('subscription')) {" \
     "        card.remove();" \
     "        console.log('Removed subscription card');" \
     "      }" \
     "    });" \
     "  }" \
     "" \
     "  const observer = new MutationObserver(removeSubscriptionElements);" \
     "  observer.observe(document.body, { childList: true, subtree: true });" \
     "  removeSubscriptionElements();" \
     "  setInterval(removeSubscriptionElements, 300);" \
     "  setTimeout(() => {observer.disconnect();}, 10000);" \
     "</script>" \
     "" >> "$MOBILE_TPL"

fi EOF

   chmod 755 /usr/local/bin/pve-remove-nag.sh

   cat >/etc/apt/apt.conf.d/no-nag-script <<'EOF'

DPkg::Post-Invoke { "/usr/local/bin/pve-remove-nag.sh"; }; EOF

   chmod 644 /etc/apt/apt.conf.d/no-nag-script

   msg_ok "Disabled subscription nag (Delete browser cache)"
   ;;
 no)
   whiptail --backtitle "Proxmox VE Helper Scripts" --msgbox --title "Support Subscriptions" "Supporting the software's development team is essential. Check their official website's Support Subscriptions for pricing. Without their dedicated work, we wouldn't have this exceptional software." 10 58
   msg_error "Selected no to Disabling subscription nag"
   rm /etc/apt/apt.conf.d/no-nag-script 2>/dev/null
   ;;
 esac
 apt --reinstall install proxmox-widget-toolkit &>/dev/null || msg_error "Widget toolkit reinstall failed"
 if ! systemctl is-active --quiet pve-ha-lrm; then
   CHOICE=$(whiptail --backtitle "Proxmox VE Helper Scripts" --title "HIGH AVAILABILITY" --menu "Enable high availability?" 10 58 2 \
     "yes" " " \
     "no" " " 3>&2 2>&1 1>&3)
   case $CHOICE in
   yes)
     msg_info "Enabling high availability"
     systemctl enable -q --now pve-ha-lrm
     systemctl enable -q --now pve-ha-crm
     systemctl enable -q --now corosync
     msg_ok "Enabled high availability"
     ;;
   no) msg_error "Selected no to Enabling high availability" ;;
   esac
 fi

 if systemctl is-active --quiet pve-ha-lrm; then
   CHOICE=$(whiptail --backtitle "Proxmox VE Helper Scripts" --title "HIGH AVAILABILITY" --menu "If you plan to utilize a single node instead of a clustered environment, you can disable unnecessary high availability (HA) services, thus reclaiming system resources.\n\nIf HA becomes necessary at a later stage, the services can be re-enabled.\n\nDisable high availability?" 18 58 2 \
     "yes" " " \
     "no" " " 3>&2 2>&1 1>&3)
   case $CHOICE in
   yes)
     msg_info "Disabling high availability"
     systemctl disable -q --now pve-ha-lrm
     systemctl disable -q --now pve-ha-crm
     msg_ok "Disabled high availability"
     CHOICE=$(whiptail --backtitle "Proxmox VE Helper Scripts" --title "COROSYNC" --menu "Disable Corosync for a Proxmox VE Cluster?" 10 58 2 \
       "yes" " " \
       "no" " " 3>&2 2>&1 1>&3)
     case $CHOICE in
     yes)
       msg_info "Disabling Corosync"
       systemctl disable -q --now corosync
       msg_ok "Disabled Corosync"
       ;;
     no) msg_error "Selected no to Disabling Corosync" ;;
     esac
     ;;
   no) msg_error "Selected no to Disabling high availability" ;;
   esac
 fi

 CHOICE=$(whiptail --backtitle "Proxmox VE Helper Scripts" --title "UPDATE" --menu "\nUpdate Proxmox VE now?" 11 58 2 \
   "yes" " " \
   "no" " " 3>&2 2>&1 1>&3)
 case $CHOICE in
 yes)
   msg_info "Updating Proxmox VE (Patience)"
   apt update &>/dev/null || msg_error "apt update failed"
   apt -y dist-upgrade &>/dev/null || msg_error "apt dist-upgrade failed"
   msg_ok "Updated Proxmox VE"
   ;;
 no) msg_error "Selected no to Updating Proxmox VE" ;;
 esac

 # Final message for all hosts in cluster and browser cache
 whiptail --backtitle "Proxmox VE Helper Scripts" --title "Post-Install Reminder" --msgbox \
   "IMPORTANT:

If you have multiple Proxmox VE hosts in a cluster, please make sure to run this script on every node individually.

After completing these steps, it is strongly recommended to REBOOT your node.

After the upgrade or post-install routines, always clear your browser cache or perform a hard reload (Ctrl+Shift+R) before using the Proxmox VE Web UI to avoid UI display issues. " 20 80

 CHOICE=$(whiptail --backtitle "Proxmox VE Helper Scripts" --title "REBOOT" --menu "\nReboot Proxmox VE now? (recommended)" 11 58 2 \
   "yes" " " \
   "no" " " 3>&2 2>&1 1>&3)
 case $CHOICE in
 yes)
   msg_info "Rebooting Proxmox VE"
   sleep 2
   msg_ok "Completed Post Install Routines"
   reboot
   ;;
 no)
   msg_error "Selected no to Rebooting Proxmox VE (Reboot recommended)"
   msg_ok "Completed Post Install Routines"
   ;;
 esac

}

main

Food

Menus

• Albert Lea, MN
  • Abelardo's
  • Jersey Mike's

• Casper, WY
  • Little Shop of Burgers
  • Poncho's
  • Peach's

• Mason City, IA
  • Awe'z
  • Birdsall's
  • Blue Heron B&G
  • LD's Filling Station
  • Northwestern Steakhouse
  • Pasta Bella
  • South Shore Donut Co
  • State Street Deli
  • Village Court

• Phoenix, AZ
  • Burrito Company
  • Giant Hamburger
  • Los Taquitos
  • Niro's Gyros

• Vancouver, WA
  • No entry yet

Recipes

• It Doesn't Taste Like Chicken

Grandma's Fudge

• Ingredients
  • 2 cups (12oz) semi sweet chocolate bits
  • 3 packages german sweet chocolate
  • 1 8oz jar? marchmallow creme
  • 2 cups broken nut meat
  • 4 1/2 cups sugar
  • 1/8 teaspoon salt
  • 2 tablespoons butter
  • 1 tall can evaporated milk

• Instructions
  • combine chocolate bits, sweet chocolate, marshmallow creme, and walnuts in a large bowl
  • combine sugar, butter, salt, and evaporated milk in large heavy saucepan, heat to boiling
  • !!! Get better pictures of the card dad has in order to write this up cleanly !!!

MariaDB

Use if PHPMyAdmin is not running:

CREATE DATABASE my_wiki;
CREATE USER 'wikiuser'@'localhost' IDENTIFIED BY 'database_password';
GRANT ALL PRIVILEGES ON my_wiki.* TO 'wikiuser'@'localhost' WITH GRANT OPTION;

• Note: Now that I have VaultWarden running, usernames and passwords will be managed through it. Also, vault should **ONLY** work with VPN access.

Mobile

Software and information about GrapheneOS. GrapheneOS only runs on Google devices currently, phones and tablets.

Software

• JuiceSSH

Tips

• Pressing power+volume up buttons to switch from an audible ring tone to vibrate (or mute) is enabled by default, causing missed important phone calls and text messages.

To modify, go to Settings > Sound & vibration > Shortcut to prevent ringing

• Auto dimming has been an annoyance, it is supposed to learn tendencies/preference yet keeps dimming too low in low light conditions.

To modify, go to Settings > Display > Adaptive brightness

Read

Comms

Closed Network podcaset, move this section later. I'm not sure where to put it right now. Matrix

Firearms

• FiveseveNForum
• FNForum
• Sniper's Hide

Locksport

• ALOA
• LockCodes
• LockWiki
• Safecracker Support Forum
• AutoProPad
• Remote Programming

Misc

• Brave Shortcuts
• Firefox Shortcuts
• Gutenberg Press
• Internet Archive Downloader
• Mint Shortcuts
• Ubuntu Shortcuts
• Wiki CSS
• ¯\_(ツ)_/¯

Server

• Debian Forums

Servers

Notes on server names and functions for planned future use.

dell

https://www.greenpcgamers.com/dell/dell-poweredge-rack/poweredge-13th-gen-rackmount-servers/poweredge-r730-r730xd-hardware-upgrade-guide/

Up to 2 x QC Xeon E5-2637 V4 3.5Ghz 15MB 9.6GTs Processor | 3.7Ghz Max Turbo Frequency (SR2P3)

Up to 2 x 6C Xeon E5-2643 V4 3.40Ghz 20MB 9.6GTs Processor | 3.7Ghz Max Turbo Frequency (SR2P4)

Up to 2 x 8C Xeon E5-2667 V4 3.2Ghz 25MB 9.6GTs Processor | 3.6Ghz Max Turbo Frequency (SR2P5)

Up to 2 x 10C Xeon E5-2640 V4 2.40Ghz 25MB 8GTs Processor | 3.4Ghz Max Turbo Frequency (SR2NZ)

Up to 2 x 12C Xeon E5-2687W V4 3.0Ghz 30MB 9.6GTs Processor | 3.5Ghz Max Turbo Frequency (SR2NA)

Up to 2 x 14C Xeon E5-2690 V4 2.6Ghz 35MB 9.6GTs Processor | 3.5Ghz Max Turbo Frequency (SR2N2)

Up to 2 x 18C Xeon E5-2697 V4 2.3Ghz 45MB 9.6GTs Processor | 3.6Ghz Max Turbo Frequency (SR2JV)

Up to 2 x 18C Xeon E5-2698 V4 2.2Ghz 50MB 9.6GTs Processor | 3.6Ghz Max Turbo Frequency (SR2JW)

Up to 2 x 22C Xeon E5-2699 V4 2.2Ghz 55MB 9.6GTs Processor | 3.6Ghz Max Turbo Frequency (SR2JS

HP

HP supplied software https://support.hpe.com/connect/s/search?language=en_US#q=dl360%20gen9&t=All&sort=relevancy&numberOfResults=25&archive=false

https://www.toolify.ai/hardware/maximize-your-hp-proliant-dl-360-gen-9-server-with-the-best-processors-3021683

Compatible Processors for HP Proliant DL 360 Gen 9 Server

Low-End Processors

E5-2620v3

E5-2630v3

Value Processors

E5-2660 V3

E5-2670 V3

E5-2680 V3

High-End Processors

E5-2690 V4

E5-2695 V4

E5-2697 V4

E5-2698 V4

E5-2699 V4

Physical

• hovp-rsk-uos00 : OpenStack - Currently in use, my clunky old laptop. Consider changing from Ubuntu to Arch
• hopp-rsk-dvs01 : Debian Virtual Stack
• hopp-rsk-owr01 : OpenWRT Wireless Router - Linksys router (model noted below this page). VPN client profile rebuild still pending.

Virtual

• hovp-rsk-uss01 : Single Server - Single server holding these notes and plans, currently minimal setup of webapps.
• hovt-rsk-uws22 : WebServer - Base Jammy Jellyfish OS. Minimal setup kept updated to use as a source for cloning other virtual servers.

Upcoming

The following will be strictly for RSK Solutions and demo models for future domains like Casper307 and NIALC

• hovp-rsk-dcs01 : CommunicationServices - Dovecot/Postfix, Matrix
• hovp-rsk-udb01 : DataBase - MariaDB
• hovp-rsk-uds01 : DirectoryServices - LDAP
• hovp-rsk-ufs01 : FileServices - Nextcloud
• hovp-rsk-umc01 : MineCraft - Java game server, maybe bedrock too.
• hovp-rsk-upa01 : PrivateAppliances - phpIPAM, phpLDAPadmin, phpMyAdmin, VaultWarden
• hovp-rsk-uwa01 : WebAppliances - akaunting, ghost, gitlab, kimai2, mediawiki, opencart, osticket, phpbb, piwigo, property web builder, roundcube, wordpress

The following will be desktop environments available for use as remote appliances accessable from my home LAN and via VPN

• hovt-rsk-urd22 : Jammy Jellyfish base template
• hovt-rsk-wrd07 : Win7 base template, needs all patches up until EOL applied
• hovt-rsk-wrd11 : Win11 base template

Server Notes

These will eventually have their own individual wiki pages. For the sake of not migrating or losing notes later, they will be consolidated here.

Templates

Once a template virtual server is created, issue the following commands to pull my ACME code library from the OpenStack virtual server host's repository.

mkdir /home/rkeeling/webapps
scp -r rkeeling@10.65.30.11:/home/rkeeling/RSK\\\ Solutions/VSCode/acme /home/rkeeling/webapps

Then issue "sudo visudo" to edit the sudoers secure path to include the new acme path

Defaults        secure_path="/home/rkeeling/webapps/acme/.bin: ...

In order for this to be effective within the shell, logout and log back on. *I will change this to reloading the shell later*

At this point the scripts are executable anywhere. The following will update repositories, upgrade general packages, upgrade distribution packages (IE, kernel updates), remove old and unused packages.

sudo getallupdates

Now, set the time zone for the server. In my case, CST

sudo timedatectl set-timezone America/Chicago

The following may be ran to confirm the change to the local time

sudo timedatectl status

At this point the template is fully up to date and can be shut down. The only maintenance needed is periodically running the getallupdates script.

Any new virtual server that is needed can be cloned from these versioned release templates to significantly cut down on setup time.

Template Clone

Following the clone of a template with newly generated MAC address, update the following two files and restart to permanently change the new server's name.

sudo vi /etc/hostname
sudo vi /etc/hosts
sudo shutdown -Fr now

The appropriate installation script can be issued depending on the server's purpose.

Shop

Auto

• 1A Auto
• First Call
• O'Reilly

Firearms

• Allorings
• Ammunition To Go
• CMMG
• Dillon Precision
• FNH USA
• GG&G
• HK Parts
• Jarvis Inc
• Magpul
• Midway USA
• Mile High Shooting
• Noveske Rifleworks
• Sturmgewehr NFA
• The Vest Guy

Gear

• 5.11 Tactical
• Hazard 4
• ITS Tactical
• Triple Aught Design

Home Office

• Newegg
• URT

Locksport

• Anixter Decoder Link
• Assa Locks
• Covert Instruments
• Doyle Security
• MW Keyless
• American Key Supply
• Ultimate Security Devices
• Young Bros

Market

• Fred Meyer

Paracord Lanyards

• Black Diamond
• Paracord Planet

Reading

• Half Price Books
• Goodreads
• Thrift Books

Software

Open-source and purchased *licenses

• Audacity
• GIMP
• Handbrake
• Inkscape
• *Minecraft
  • SpigotMC
    • BuildTools
  • Bukkit
    • EssentialsX
    • LuckPerms
    • Multiverse-Core
    • PermissionsEx
    • Vault
    • ViaVersion
    • WorldEdit
    • WorldGuard
• *SecureCRT
• Ubuntu
  • Internet Archive Downloader
  • ExifTool Powerful metadata removal tool
• OpenWRT
  • OpenVPN
• *UltraEdit
• VirtualBox
• VLC
• VSCode
• Windows
• Youtube Downloader

WebApp Downloads

• Akaunting
• Ghost
• GitLab
• Kimai 2
• Matrix
• MediaWiki
  • DarkMode
  • MobileFrontend
• Minecraft Server
• NextCloud Documentation
• phpBB3
  • HiFiKabin's Extensions
• Piwigo
• OpenCart
• osTicket
• phpIPAM
• phpLDAPadmin
• phpMyAdmin
• PropertyWebBuilder
• Roundcube
• VaultWarden Nginx Config SQLite 2 MariaDB
• Wordpress

Windows VM

The VM needs a minimum of two cores and 4Gb memory to run. The following steps will bypass the hardware checks to allow Windows 11 to install:

Click next to show-up the "Install now" button; when you see the installation button, press "Shift+F10" on your keyboard at the same time to launch a command prompt. At this command prompt, type "regedit" and press enter to launch the Windows Registry Editor.

When the Registry Editor opens, navigate to "HKEY_LOCAL_MACHINE\SYSTEM\Setup", right-click on the "Setup" key and select "New => Key".

When prompted to name the key, enter "LabConfig" and press enter.

Now right-click on the "LabConfig" key and select "New => DWORD (32-bit)" value and create a value named "BypassTPMCheck", and set its data to "1". With the same steps create the "BypassRAMCheck" and "BypassSecureBootCheck" values and set also their data to "1", so it looks like the following image.

With those three values configured under the "LabConfig" key, close the "Registry Editor", and then type exit in the "Command Prompt" followed by enter to close the window. You can now click on the "Install now" button to proceed to get "Microsoft Windows 11" installed as a virtual-machine on top of VirtualBox.

VirtualBox CLI Tips

From Oracle

Screen is not needed to run these in the background, just replace "ServerName" with the instance name.

$ VBoxManage startvm ServerName --type headless
Waiting for VM "ServerName" to power on...
VM "ServerName" has been successfully started.

WRT3200ACM

This router has a dual boot partition that has several methods of switching from the A/B partitions. Also, information on for OpenVPN.

Logical

• SSH into your router
• You can see what partition is currently being booted from by running: /usr/sbin/fw_printenv -n boot_part
• Mine was booting from partition 1, I needed it to boot to partition 2.
• Tell the router which partition to boot from: /usr/sbin/fw_setenv boot_part 2
• Reboot the router by running: reboot
• Change the number "2" in step 4 to whatever partition you need. I couldn't find a command that would show what my boot options were. So I tried 0 first, which did nothing, then tried 2. Boot partition 2 was the correct one for me.

LuCI

Install the LuCI-app-advanced-reboot package. This is the easiest method.

OpenVPN

OpenWRT/OpenVPN Use this as a baseline for rewriting the scripts, as they do not work as published.

• This section is being heavily edited until I work out the kinks

Creation

This is going to be my third and final profile. The first lasted the ten years it was meant to, the second lasted three years and could not be recovered due to configuration hiccups. My personal one will be set to 100 years, far beyond my expected lifetime. Things may adjust if I allow another user access, but as of yet - no one has asked.

Install all needed apps beforehand:

opkg update

opkg install luci-app-advanced-reboot luci-app-openvpn openvpn-easy-rsa openvpn-openssl

The following four scripts can be created under the /root path and will need to be chmod to executable.

sudo chmod +x *.sh

1-preparation.sh

# Install packages
opkg update
opkg install luci-app-advanced-reboot luci-app-openvpn openvpn-easy-rsa openvpn-openssl

# Configuration parameters
VPN_DIR="/etc/openvpn"
VPN_PKI="/etc/easy-rsa/pki"
VPN_PORT="1194"
VPN_PROTO="udp"
VPN_POOL="10.65.9.0 255.255.255.0"
VPN_DNS="${VPN_POOL%.* *}.1"
VPN_DN="$(uci -q get dhcp.@dnsmasq[0].domain)"

# Fetch server address
NET_FQDN="$(uci -q get ddns.@service[0].lookup_host)"
. /lib/functions/network.sh
network_flush_cache
network_find_wan NET_IF
network_get_ipaddr NET_ADDR "${NET_IF}"
if [ -n "${NET_FQDN}" ]
then VPN_SERV="${NET_FQDN}"
else VPN_SERV="${NET_ADDR}"
fi

2-keymanagement.sh

# Work around EasyRSA issues
wget -U "" -O /tmp/easyrsa.tar.gz https://github.com/OpenVPN/easy-rsa/releases/download/v3.2.2/EasyRSA-3.2.2.tgz
tar -z -x -f /tmp/easyrsa.tar.gz

# Configuration parameters
cat << EOF > /etc/profile.d/easy-rsa.sh
export EASYRSA_PKI="${VPN_PKI}"
export EASYRSA_TEMP_DIR="/tmp"
export EASYRSA_CERT_EXPIRE="36500"
export EASYRSA_BATCH="1"
alias easyrsa="/root/EasyRSA-3.2.2/easyrsa"
EOF
. /etc/profile.d/easy-rsa.sh

# Remove and re-initialize PKI directory
easyrsa init-pki

# Generate DH parameters
easyrsa gen-dh

# Create a new CA
easyrsa build-ca nopass

# Generate server keys and certificate
easyrsa build-server-full server nopass
openvpn --genkey tls-crypt-v2-server ${EASYRSA_PKI}/private/server.pem

# Generate client keys and certificate
easyrsa build-client-full client nopass
openvpn --tls-crypt-v2 ${EASYRSA_PKI}/private/server.pem \
--genkey tls-crypt-v2-client ${EASYRSA_PKI}/private/client.pem

3-firewall.sh

# Configure firewall
uci rename firewall.@zone[0]="lan"
uci rename firewall.@zone[1]="wan"
uci del_list firewall.lan.device="tun+"
uci add_list firewall.lan.device="tun+"
uci -q delete firewall.ovpn
uci set firewall.ovpn="rule"
uci set firewall.ovpn.name="Allow-OpenVPN"
uci set firewall.ovpn.src="wan"
uci set firewall.ovpn.dest_port="${VPN_PORT}"
uci set firewall.ovpn.proto="${VPN_PROTO}"
uci set firewall.ovpn.target="ACCEPT"
uci commit firewall
service firewall restart

4-vpnservice.sh

# Configure VPN service and generate client profiles
umask go=
VPN_DH="$(cat ${VPN_PKI}/dh.pem)"
VPN_CA="$(openssl x509 -in ${VPN_PKI}/ca.crt)"
ls ${VPN_PKI}/issued \
| sed -e "s/\.\w*$//" \
| while read -r VPN_ID
do
VPN_TC="$(cat ${VPN_PKI}/private/${VPN_ID}.pem)"
VPN_KEY="$(cat ${VPN_PKI}/private/${VPN_ID}.key)"
VPN_CERT="$(openssl x509 -in ${VPN_PKI}/issued/${VPN_ID}.crt)"
VPN_EKU="$(echo "${VPN_CERT}" | openssl x509 -noout -purpose)"
case ${VPN_EKU} in
(*"SSL server : Yes"*)
VPN_CONF="${VPN_DIR}/${VPN_ID}.conf"
cat << EOF > ${VPN_CONF} ;;
user nobody
group nogroup
dev tun
port ${VPN_PORT}
proto ${VPN_PROTO}
server ${VPN_POOL}
topology subnet
client-to-client
keepalive 10 60
persist-tun
persist-key
push "dhcp-option DNS ${VPN_DNS}"
push "dhcp-option DOMAIN ${VPN_DN}"
push "redirect-gateway def1"
push "persist-tun"
push "persist-key"
<dh>
${VPN_DH}
</dh>
EOF
(*"SSL client : Yes"*)
VPN_CONF="${VPN_DIR}/${VPN_ID}.ovpn"
cat << EOF > ${VPN_CONF} ;;
user nobody
group nogroup
dev tun
nobind
client
remote ${VPN_SERV} ${VPN_PORT} ${VPN_PROTO}
auth-nocache
remote-cert-tls server
EOF
esac
cat << EOF >> ${VPN_CONF}
<tls-crypt-v2>
${VPN_TC}
</tls-crypt-v2>
<key>
${VPN_KEY}
</key>
<cert>
${VPN_CERT}
</cert>
<ca>
${VPN_CA}
</ca>
EOF
done
service openvpn restart
ls ${VPN_DIR}/*.ovpn

Restoration

Configuration backups do NOT include the downloaded software packages, learned this the really hard way... On any new or refreshed partition image, the following lines !MUST! be run !FIRST! to ensure that the software is in place prior to restoring a configuration!

Login to the router, navigate to System > Backup / Flash Firmware > Reset to defaults > Perform reset (this is destructive, save your working configs if you have them)

After clearing the /overlay directory, issue the successive commands to reload the needeed packages:

opkg update

opkg install luci-app-advanced-reboot luci-app-openvpn openvpn-easy-rsa openvpn-openssl

Then find your working config and navigate to System > Backup / Flash Firmware > Restore backup: <pick the appropriate file name>

Physical

Power cycling the router 3 times in quick succession When it powers on the power LED turns on then will go out briefly, This is when you turn it back off do this again and on the 3rd cycle, leave it powered on and it should boot back to the other partition.

Youtube

Locksport

• LockPickingLawyer
• LPL Kwikset SmartKey Picking

Paracord Lanyard Tying

• Cobra Knot

With 550 7-strand core paracord -- 108 inches (9 feet) from the reel for the grab handle.

• Neck Lanyard

With 550 7-strand core paracord -- 192 inches (16 foot) from the reel for the lanyard. The twisted portion should be about 42"-43" in length as it turns out shorter than expected after the braid and just daily use of folding and is not meant to not be completely rigid, the extra room is to allow for alot of flexibility. When braided, it can turn out shorter than estimated. No two of these will be exactly the alike!

• Note 1: I will use the same color cord for the lanyard as the carabiner unless asked to make a three color variant, or if I feel squirrelly.
• Note 2: I have the "leftovers" mantra running through my head the whole time. On the first half for sizing, twist left strand left side left to avoid snags, and place it over the right, and so on. On the braid part, start with the left strand through a twist and put the right strand under the left one.
• Note 3: Related to note 2, pay attention and try not to miss braiding a twist. It is maddening to spot it ten minutes later, unravel to that spot to fix it.

Unsorted

Backports

In Debian, “enabling backports” means adding one extra repository that carries newer builds of selected software—taken from the next Debian release (“testing”) but rebuilt to run on your current Stable system. It’s Debian’s official way to get a newer kernel, drivers, toolchains, or apps on Stable without switching the whole OS to Testing or Unstable.

How it helps, in plain terms: you keep the rock-solid base of Debian Stable, but you can “opt in” to newer versions package by package when you actually need them—say, a newer kernel/Mesa for GPU support, or a fresher compiler for a project. Those packages are recompiled for Stable and designed to use Stable’s libraries where possible, so they fit in cleanly. (Debian 13’s backports suite is literally named trixie-backports.)

Safety model: backports are off by default and won’t replace anything unless you ask. Technically, Debian marks the backports archive as NotAutomatic and pins its priority to ~100, so normal upgrades ignore it. You only pull from backports when you explicitly target it. That’s why it’s considered the “safe” way to get newer bits on Stable.

What you actually do:

Add the backports repo (Debian 13 “Trixie” example—new deb822 format): 1 2 3 4 5 6 7 8 9 sudo tee /etc/apt/sources.list.d/debian-backports.sources >/dev/null <<'EOF' Types: deb deb-src URIs: http://deb.debian.org/debian Suites: trixie-backports Components: main Signed-By: /usr/share/keyrings/debian-archive-keyring.gpg Enabled: yes EOF sudo apt update This simply makes the backports available; nothing changes yet.

When you need something newer, install it from backports on purpose: 1 2 3 4 5

1. install only this package from backports

sudo apt install <package>/trixie-backports

1. or, also allow any newer dependencies from backports

sudo apt install -t trixie-backports <package> That explicit targeting is the guardrail that keeps Stable “stable.”

A couple of concrete outcomes:

Hardware enablement: newer kernels and driver stacks appear in backports, which can solve “my brand-new GPU/Wi-Fi doesn’t work on base Stable” without you leaving Stable. New features for select apps/tools: you can grab a newer release that adds a needed feature, while the rest of your system stays on Stable versions. (Backports are mostly drawn from Testing and are maintained with a policy to keep an upgrade path to the next Stable.) Caveats to keep in mind: backports aren’t tested as exhaustively as Stable and are supported on a best-effort basis, so Debian recommends using them sparingly—enable the repo, but cherry-pick only what you need, rather than upgrading everything from backports.

FOOTNOTES FOR FURTHER REVIEW

immach for photo/video sharing

debian 13 using kde plasma. I did a base install. seems to be working great.

installbase

apt install curl net-tools openssh-server screen sftpd unzip -y

for desktop only

apt install exiftool flatpak plasma-discover-backend-flatpak