add scrubbing time to important dates and times

add example json aws route53 record for minecraft
add section on decrypting and scrubbing pools
2025-07-25 20:42:31 -04:00 · 2025-07-25 20:42:18 -04:00 · 2025-07-25 20:42:04 -04:00 · 2025-07-25 20:41:51 -04:00
5 changed files with 98 additions and 48 deletions
--- a/README.md
+++ b/README.md
@@ -98,6 +98,7 @@ ssh $SSH_HOST
 | 05:00 | Saturday | Server VM Updates              |
 | 05:00 | All      | Unifi Protect Firmware Updates |
 | 06:00 | All      | Unifi Network Firmware Updates |
+| 06:00 | Saturday | Truenas Disk Scrub             |

 ## Project Lifecycle

--- a/active/os_fedora/fedora-server.md
+++ b/active/os_fedora/fedora-server.md
@@ -29,9 +29,6 @@
    - [Quick Backup](#quick-backup)
    - [Regular Backups with Borg](#regular-backups-with-borg)
  - [Optional Steps](#optional-steps)
-    - [Docker with Podman as Runtime](#docker-with-podman-as-runtime)
-    - [Vanilla Docker](#vanilla-docker)
-    - [Extra Software](#extra-software)
    - [Disable Swap](#disable-swap)
    - [Disable Selinux](#disable-selinux)
    - [Downgrading Kernel](#downgrading-kernel)
@@ -426,7 +423,7 @@ iscsiadm -m node \
 systemctl restart iscsid

 # Discover targets
-iscsiadm -m discovery -t st -p driveripper.reeselink.com
+iscsiadm -m discovery -t st -p drivework.reeselink.com

 # Login to all nodes
 iscsiadm -m node -l
@@ -488,44 +485,6 @@ See [borg.md](/active/systemd_borg/borg.md)

 ## Optional Steps

-### Docker with Podman as Runtime
-
-Note, you'll need to ssh into the server as the user in order to start the user's systemd session.
-
-```bash
-sudo dnf install podman docker docker-compose
-sudo loginctl enable-linger 1000 # Or whatever user
-
-systemctl --user enable --now podman.socket
-docker context create podman --docker host=unix://$XDG_RUNTIME_DIR/podman/podman.sock
-docker context use podman
-```
-
-### Vanilla Docker
-
-<https://docs.docker.com/engine/install/fedora/>
-
-```bash
-dnf -y install dnf-plugins-core
-dnf-3 config-manager --add-repo https://download.docker.com/linux/fedora/docker-ce.repo
-dnf install docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin
-systemctl enable --now docker
-```
-
-### Extra Software
-
-```bash
-# Set vim as the default editor
-dnf install -y vim-default-editor  --allowerasing
-
-# Install glances for system monitoring
-dnf install -y glances
-
-# ZSH
-dnf install -y zsh
-chsh -s $(which zsh) && chsh -s $(which zsh) ducoterra
-```
-
 ### Disable Swap

 ```bash
--- a/active/os_fedora/fedora-software.md
+++ b/active/os_fedora/fedora-software.md
@@ -1,7 +1,8 @@
-# Apps
+# Fedora Software

- [Apps](#apps)
+- [Fedora Software](#fedora-software)
  - [Common CLI Apps](#common-cli-apps)
+  - [Podman](#podman)
  - [Gear Lever](#gear-lever)
  - [VSCode](#vscode)
    - [DNF](#dnf)
@@ -53,6 +54,8 @@
  - [Ollama](#ollama)
  - [UV](#uv)
  - [Pipenv](#pipenv)
+  - [Docker](#docker)
+  - [Boxes](#boxes)

 Flatpak installs are from Flathub unless otherwise noted.

@@ -124,6 +127,12 @@ sudo dnf install \
  gcc
 ```

+## Podman
+
+```bash
+dns install -y podman
+```
+
 ## Gear Lever

 I would recommend you install Gear Lever to manage App Images:
@@ -587,6 +596,8 @@ flatpak install org.gnome.Evolution
 ```bash
 # Virtualization
 sudo dnf group install --with-optional virtualization
+
+sudo systemctl start libvirtd
 ```

 ## NVM
@@ -613,3 +624,22 @@ For starting ollama as a service, follow the link below:
 ## Pipenv

 <https://pipenv.pypa.io/en/latest/installation.html#installing-pipenv>
+
+## Docker
+
+<https://docs.docker.com/engine/install/fedora/>
+
+```bash
+dnf -y install dnf-plugins-core
+dnf-3 config-manager --add-repo https://download.docker.com/linux/fedora/docker-ce.repo
+dnf install docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin
+systemctl enable --now docker
+```
+
+## Boxes
+
+Virtualization at its boxiest.
+
+```bash
+flatpak install org.gnome.Boxes
+```
--- a/active/os_truenas/truenas.md
+++ b/active/os_truenas/truenas.md
@@ -17,6 +17,8 @@
    - [Cleaning up old snapshots](#cleaning-up-old-snapshots)
    - [Creating and restoring snapshots](#creating-and-restoring-snapshots)
    - [Filesystem ACLs](#filesystem-acls)
+    - [Decrypting Pools](#decrypting-pools)
+    - [ZPool Scrubbing](#zpool-scrubbing)
  - [ISCSI](#iscsi)
    - [Create ZVOL](#create-zvol)
    - [Create ISCSI Target](#create-iscsi-target)
@@ -247,6 +249,42 @@ Dataset -> Dataset details (edit) -> Advanced Options -> ACL Type (inherit)
 setfacl -b -R /mnt/enc0/smb/media
 ```

+### Decrypting Pools
+
+Unlocking through the UI.
+
+We'll need to recreate the key manifest json. This is a little tedious, but
+your keys will be correct after this process.
+
+```bash
+# List all datasets and format them for json keys
+export LIST_DATASET=pool0/dcsi
+echo "{" && \
+for DATASET_PATH in $(sudo zfs list -r $LIST_DATASET -H -o name); do echo "    \"$DATASET_PATH\": \"key_here\","; done && \
+echo "}"
+
+# If the dataset's children have all the encryption keys
+# Note this generates the cat EOF commands to create the json files needed to unlock.
+export TL_DATASET=pool0
+for TL_DATASET_PATH in $(zfs list -r $TL_DATASET -H -o name -d 1); do \
+echo "cat <<EOF > dataset_${TL_DATASET_PATH}_key.json" && \
+echo "{" && \
+for DATASET_PATH in $(zfs list -r $TL_DATASET_PATH -H -o name); do echo "    \"$DATASET_PATH\": \"key_here\","; done && \
+echo "}" && \
+echo "EOF";
+done
+```
+
+### ZPool Scrubbing
+
+```bash
+# Start a scrub
+zpool scrub pool0
+
+# Check status
+zpool status pool0
+```
+
 ## ISCSI

 ### Create ZVOL
--- a/active/podman_minecraft/minecraft.md
+++ b/active/podman_minecraft/minecraft.md
@@ -100,10 +100,32 @@ ssh minecraft systemctl --user restart minecraft
 1. Create your minecraft ddns record first [following these docs](/active/podman_ddns/ddns.md#)
 2. Create a SRV record in your DNS provider like the following:

-    | Field       | Value                                  |
-    | ----------- | -------------------------------------- |
-    | Record name | _minecraft._tcp.testcraft.reeseapps.com |
-    | Value       | 0 5 25566 minecraft.reeseapps.com      |
+    active/podman_minecraft/secrets/reeseapps_records.json:
+
+    ```json
+    {
+        "Comment": "CREATE/UPSERT/DELETE a record ",
+        "Changes": [
+            {
+                "Action": "UPSERT",
+                "ResourceRecordSet": {
+                    "Name": "_minecraft._tcp.testcraft.reeseapps.com",
+                    "Type": "SRV",
+                    "TTL": 300,
+                    "ResourceRecords": [
+                        {
+                            "Value": "0 5 25566 minecraft.reeseapps.com"
+                        }
+                    ]
+                }
+            }
+        ]
+    }
+    ```
+
+    ```bash
+    aws route53 change-resource-record-sets --hosted-zone-id $(cat active/aws_route53/secrets/reeseapps-zoneid) --change-batch file://active/podman_minecraft/secrets/reeseapps_records.json
+    ```

 3. Test your record with `nslookup`
Author	SHA1	Message	Date
ducoterra	f2d684fa7c	add scrubbing time to important dates and times	2025-07-25 20:42:31 -04:00
ducoterra	7980bfb381	add example json aws route53 record for minecraft	2025-07-25 20:42:18 -04:00
ducoterra	20690c48e5	add section on decrypting and scrubbing pools	2025-07-25 20:42:04 -04:00
ducoterra	ca582333f1	move some fedora software from server to software md	2025-07-25 20:41:51 -04:00