# Journal

# Abbreviations used in journaling

ant1mbp3 - my MacBook Pro primary workstation (laptop)  
gcp - Google Cloud Platform   
ztn - name for my apartment in Riyadh, KSA   
ant1ss21 and ant1ss24 - Samsung S21 and S24 mobile phones

# 2024-11-30 - What a week!

[![](https://storage.googleapis.com/iau-data-dox/uploads/images/gallery/2024-11/scaled-1680-/VoJ5OJYmiArdbyqh-image-1732982226423.png)](https://storage.googleapis.com/iau-data-dox/uploads/images/gallery/2024-11/VoJ5OJYmiArdbyqh-image-1732982226423.png)[at "mylife" cafe, Riyadh, KSA](https://maps.app.goo.gl/q2mX92w9pxFhnJBq7)

- ant1mbp3: a friend of mine introduced me to the macOS utilities AltTab and Flameshot; test flights on them.
- ztn: installed Ubuntu on miniPC.
- ztn: installed OpenProject on that miniPC.
- ztn: deployed a local Nextcloud instance, which is connected to GCP Cloud SQL (MySQL) and GCP Storage (S3 compatible). By this I reduced the load on my virtual machine in the cloud and "moved computing resources" on-prem (to home).
- gcp: Deployed the Matomo web analytics solution into the cloud, which I use to track activity on my web resources.
- gcp: Deployed BookStack for my project “Install and Use” (https://installanduse.com) and optimized that to correctly upload images.
- gcp: IAM: Public access (from Internet) permissions to GCP Storage (buckets).
- gcp: Configured an Nginx webserver simply to return the client IP, generally used to determine the current external IP address.
- Organized photo archive using FastStone Viewer and Double Commander.
- Began writing installation notes (about Matomo, Snipe-IT and Bookstack).
- gcp: migrated the inventory management system Snipe-IT from old hosting (Avaruus.net), restored it from backups, upgraded the source code to be compatible with PHP8 (from PHP5), restored the DB to Cloud SQL.
- gcp: Cloud DNS: separated resources based in GCP into the subdomain \*.cloud.2dz.fi, adjusted CNAMEs, changed configurations.
- Changed sensitive passwords and refreshed OTP tokens (KeePassXC and FreeOTP+).
- Renewed domains (2dz.fi and installanduse.com) with joker.com.
- ant1ss21 and ant1ss24: Updated the firmware on both of them (performed an OS upgrade). Cleaned out unused or rarely used Android applications on the phone. It is nice to see long-term committed support for the Samsung S21 model ([released on 2021-01-14](https://en.wikipedia.org/wiki/Samsung_Galaxy_S21)). I recommend Samsung's S series.

# 2024-12-29 - Ending the year.

- Connecting the home lab to the GCP instance. Cisco ASA 5505 setup: v8.2 does not support IPSECv2; support begins with v8.4.
- Enhanced the workstations' document migration and backup strategy
- Mirrored the mail archive to the cloud (around 55000 messages since 2001)
- deployed [Teleport PAM solution](https://goteleport.com/)
- Began to use a Mac AirBook 11" as travel workstation
- wired CAT6 cables at home
- upgraded Nextcloud Production
- sorted out technologically outdated Cisco networking books, ready for paper recycling
- improved private IT infrastructure
- spoke a lot with a friend of mine about cyber hygiene and improved his security workflow
- new applications for macOS: AltTab, Flameshot, Rectangle, Yandex Music
- new apps for Android: 2GIS, Yandex Music

TODO:

- time.2dz.fi (chrony - network time server)
- ns.2dz.fi (Pi-hole - name resolution server)
- tp.cloud.2dz.fi - goTeleport PAM solution

# 2025-02

Over the last month, since New Year:

- Oracle Linux v9.5: repository proxy
- MariaDB Galera Cluster with ClusterControl
- MaxScale load balancer: manual config
- WindTerm
- CrossHair (Python)
- Nextcloud deployment to GCP
- Creating and interconnecting virtual machines in VirtualBox on Windows 11
- Hostname, machine ID, SSH server keys in Oracle Linux
- Naming convention for the Nextcloud production environment
- ZeroTier: SD-WAN networks
- Linphone @Android
- Skiing tracking apps: Ski Tracker, Ski Tracks, Slopes, Skill

# 2025-03-30

- SketchUp (WebUI)
- BetterDisplay (new display)
- CloudText

# 2025-04-02

- Pi-hole as reverse DNS for the home OpenWRT router
- Internal A records in Pi-hole for local infra
- myip.in.2dz.fi, an analogue of myip.2dz.fi, for use in conjunction with the internal DNS server
- "Alpine Quest Pro" on Android for map orientation - measuring the azimuth of aeroplanes
- OpenVPN connection and rule enhancements in OPNsense

# 2025-05-15 - at KAFD, Riyadh, KSA

There were hectic weeks behind me; some topics I briefly touched:

- Audacity: conference mic spectrum analysis
- OPNsense: upgrade v24.1.7 to 25.1.5_5 (FreeBSD v13.2 to 14.2)
- OPNsense: script to extract users' certificates and list the expired ones (users), but after the upgrade realized that these features are implemented in the newer version. :)
- Configured DMARC and SPF on mail servers
- Analysed the radio spectrum for the WLAN access point
- Samsung S21, S24: upgrades to Android v14
- Prepared and printed out salad order form for "Plenty SLD" salad shop.
- Icinga: did research on 'zones' and configured infra for distributed monitoring
- goTeleport: configured the PAM solution with a backend reverse proxy
- Nextcloud: upgrade v27 to 29
- AlpineQuest Pro: challenge with azimuth on a bigger scale
- built a script to generate Morse code characters to be learnt in a more sophisticated way.
- cancelled my Spotify subscription, as Yandex Music provides more and better

# 2025-07-26 - here and there

- Deployed PAM solution: goTeleport
- Garmin Boating (formerly Navionics) on an Android tablet for a week-long charter in the Med, Turkey.
- began to gather digital assets (photos, documents and similar) from different places into one: `Samsung SSD 990 PRO PCIe 4.0 NVMe M.2 SSD - 4 TB` in a UGREEN case.
- `AlpineQuest Off-Road Explorer Pro` with OpenStreetMap on an Android tablet for forest plot mapping
- km6ve1 - Proxmox on a Dell miniPC (x64)
- km6fw1 on km6ve1: OPNsense
- km6fw1: OPNsense: Configured PPPoE for the local ISP
- MyLifeOrganized (MLO) as collaboration tool for task management
- Collabora Office setup
- Nextcloud on Oracle Linux 9
- Reviewed and enhanced the repository server for Oracle Linux
- Deployed BookStack on Oracle Linux
- VirtualBox: adding storage to a virtual machine (extending space with LVM)
- Ordered "BIG letters" for radioamateur contests and "Blender related shortcut/hotkey" stickers from [4keyboard.com](https://4keyboard.com)
- Transfer TOTP from `FreeOTP+` via `QR Journal` via `QR Capture` to `YubiKey Authenticator`
- PrivX Core + PrivX Carrier and Web proxy.
- gcp1mx1: Fail2ban
- Nginx `ngx_http_limit_req_module`, especially to optimize the user experience with web applications such as Nextcloud.
- GCP: reviewed, cleaned up and enhanced firewall rules (not policies) 
    - Disabled SSH access, which is enabled by default in GCP.
- OPNsense: 
    - Configured the OpenVPN server to push a predefined IP address to the client.
    - Created plenty of firewall aliases
    - Rewrote firewall rules to refer to aliases rather than static values
- Tunnelblick as an alternative to OpenVPN Connect: differences in handling the routing table.
- Experimented with MacWhisper
    - led to [WhisperCpp](https://github.com/ggml-org/whisper.cpp)
- Alternative to the native Calendar on macOS - BusyCal
- EnterpriseDB PostgreSQL Extended - setup on Oracle Linux, using the repository server (proxied packages to the infrastructure)

# 2025-09-19 - Summer hurries are not over yet

- Closed cloud perimeter for direct SSH access, adjusted firewall policies.
- Mail client to support Microsoft 365, IMAP, PGP encryption/signing and S/MIME encryption/signing.
- Speech recognition engine MacWhisper run locally (data remains local)
- Tested the BusyCal calendar as an alternative to the native macOS Calendar.
- Deployed the open-source web-commerce application 'opencart' in GCP with Cloud SQL as backend.
- Protected the above-mentioned with Multi-Factor Authentication (MFA) in front of the web application, configured on nginx + the Google Authenticator module (users and tokens via PAM, /etc/ga-secrets).
- Participated in the SUSE Partner event in Riyadh (organized by Ingram; thanks for the invite, guys)
- Database server EnterpriseDB PostgreSQL Extended Server (edb-pge) 
    - Setting up Transparent Data Encryption
    - Setting up Replication to the second server
    - Enabling High Availability (HA) with EnterpriseDB Failover Manager (edb-efm)
- SIP phone Grandstream WP816 firmware upgrade
- VPN tunnel between on-prem and cloud environments using Cisco ASA5505 to OPNsense 
    - Obtaining and activating the free 3DES-AES license from Cisco
    - Upgrading from v8.2 to at least v8.4 (but went up to v9.1(7)32) to support IKEv2 and IPsec
        - Installed TFTP server/client on Windows XP (tftpd32 by Philippe Jounin and PumpKIN by Klever Group)
- Network printer HP LaserJet 1320dn configured for the ability to print remotely (behind VPN)
- Began a list of software with latest supported versions (for Windows XP, macOS High Sierra and similar classics, because they are still in use)
- DDoS defender fail2ban: fine-tuned to send mail notifications.
- Deployed the Web Application Firewall 'modsecurity' as a module for the nginx webserver to protect applications.