備份 sqlite3 檔案包含 .db-shm (共享記憶體) 和 .db-wal (寫入預先記錄) 檔案

sqlite3 config.db ".backup '/tmp/config_backup.db'"

Debian usb flash module 載入摘要

載入模組的順序如下：
控制器偵測/核心傳輸層：xhci_pci
協定識別/協定轉譯層：usb_storage 或 uas
裝置映射/裝置類型層：sd_mod
掛載讀取/檔案系統層：vfat 

1. 核心傳輸層：USB 宿主控制器 (HCD)
xhci_pci / xhci_hcd:USB 3.x
ehci_pci:USB 2.0
ohci_hcd / uhci_hcd:USB 1.1

2. 協定轉譯層：USB Mass Storage
usb_storage:實作「USB Mass Storage Class (MSC)」
uas (USB Attached SCSI): 較新的技術，支援 USB 3.0。

3. 裝置類型層：SCSI 模擬
sd_mod (SCSI Disk): 管理磁碟裝置。
scsi_mod: SCSI 核心子系統，提供基礎的儲存管理框架。

4. 檔案系統層 (File Systems)
vfat / fat、exfat、ntfs3 / ntfs 、isofs / udf

Debian 11 安裝 R 4.2.0

apt install texinfo
apt install texlive-base texlive-latex-extra
apt install texlive-fonts-recommended texlive-fonts-extra texlive-latex-extra

wget https://cran.r-project.org/src/base/R-4/R-4.2.0.tar.gz
tar zxvf R-4.2.0.tar.gz
cd R-4.2.0
./configure --prefix=/opt/R/4.2.0 --enable-R-shlib
make
make install

DietPi 安裝中文

apt install fonts-noto-cjk
apt install scim im-config zenity
apt install scim-chewing
im-config -n scim

apt install fcitx5 fcitx5-chewing

Debian 13 安裝 docker

 docker 安裝

# Add Docker's official GPG key:
sudo apt update
sudo apt install ca-certificates curl
sudo install -m 0755 -d /etc/apt/keyrings
sudo curl -fsSL https://download.docker.com/linux/debian/gpg -o /etc/apt/keyrings/docker.asc
sudo chmod a+r /etc/apt/keyrings/docker.asc

# Add the repository to Apt sources:
sudo tee /etc/apt/sources.list.d/docker.sources <<EOF
Types: deb
URIs: https://download.docker.com/linux/debian
Suites: $(. /etc/os-release && echo "$VERSION_CODENAME")
Components: stable
Signed-By: /etc/apt/keyrings/docker.asc
EOF

sudo apt update
sudo apt install -y docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin

sudo systemctl status docker
sudo systemctl start docker
sudo systemctl enable --now docker

 ps -e -o pid,user:16,args:64,cgroup | grep lxc/4001/

Proxmox VE 8.x 更新 9.x

 編輯 /etc/network/interfaces
新增 
source /etc/network/interfaces.d/*

Proxmox VE 8.X安裝 CPU microcode package 'intel-microcode'

編輯  /etc/apt/sources.list 加入 non-free-firmware

sudo apt update; apt install intel-microcode

重啟系統，微代碼必須在啟動初期載入才能生效

確認指令
journalctl -k | grep microcode

取得 pyenv cache 連結

 #!/bin/bash

PYENVDIR=~/.pyenv/
cd $PYENVDIR/plugins/python-build/share/python-build

parse1() {
for i in *;do [ -d "$i" ]&&continue
cat $i|grep install_package
done|xargs -n 1 |grep -e http:// -e https:// |sort
}

for i in $(parse1);do t=${i%\#*};t=${t#src=};echo $t;done

Debian 13 更改網路卡別名

編輯  /etc/systemd/network/10-eth1.link

[Match]
MACAddress=00:11:22:33:44:55

[Link]
Name=eth1

方法二 UDEV設定方式
編輯 /etc/udev/rules.d/10-rename-it.rules
SUBSYSTEM=="net", ACTION=="add", ATTR{address}=="00:11:22:33:44:55", NAME="eth1"
Debian 網路命名規則通常在開機 initramfs 階段就決定，須更新 initramfs
update-initramfs -u

Debian 13 SCIM 安裝設定

 apt -y install scim scim-tables-zh scim-chewing

設定
Applications - Settings - SCIM Input Method Setup - Generic Table
Show prompt
Show key hint

ollama + docker + open webui 免帳號密碼

docker 安裝
# Add Docker's official GPG key:
sudo apt update
sudo apt install ca-certificates curl
sudo install -m 0755 -d /etc/apt/keyrings
sudo curl -fsSL https://download.docker.com/linux/debian/gpg -o /etc/apt/keyrings/docker.asc
sudo chmod a+r /etc/apt/keyrings/docker.asc

# Add the repository to Apt sources:
sudo tee /etc/apt/sources.list.d/docker.sources <<EOF
Types: deb
URIs: https://download.docker.com/linux/debian
Suites: $(. /etc/os-release && echo "$VERSION_CODENAME")
Components: stable
Signed-By: /etc/apt/keyrings/docker.asc
EOF

sudo apt update
sudo apt install -y docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin

sudo systemctl status docker
sudo systemctl start docker
sudo systemctl enable --now docker

安裝 Ollama
apt install -y zstd
curl -fsSL https://ollama.com/install.sh | bash
ollama --version
mv /usr/share/ollama  /usr/share/ollama.bak
ln -s /home/ollama/ /usr/share/ollama 

編輯 /etc/systemd/system/ollama.service 加入
[Service]
Environment="OLLAMA_HOST=0.0.0.0"

docker Open WebUI  設定
編輯 nginx.conf
server {
    listen 80;
    location /admin { return 403; }
    location /api/v1/admin { return 403; }
    location /api/v1/auth/update { return 403 "Action Denied: Profile updates are disabled.";  }
    location /api/v1/users {  return 403 "Action Denied.";  }

    if ($request_method = DELETE) {
        return 403 "Delete operations are strictly prohibited on this server.";
    }

    location /api/models {
        if ($request_method = DELETE) { return 403; }
        proxy_pass http://open-webui:8080;
    }

    location / {
        proxy_pass http://open-webui:8080;
        proxy_set_header Host $host;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }
}

編輯docker-compose.yml
services:
  nginx-proxy:
    image: nginx:alpine
    container_name: nginx-proxy
    ports:
      - "3000:80"
    volumes:
      - ./nginx.conf:/etc/nginx/conf.d/default.conf:ro
    depends_on:
      - open-webui

  open-webui:
    image: ghcr.io/open-webui/open-webui:main
    container_name: open-webui
    environment:
      - "WEBUI_AUTH=False"
      - "OLLAMA_BASE_URL=http://host.docker.internal:11434"
      - "DEFAULT_USER_ROLE=user"
      - "ENABLE_ADMIN_EXPORT=False" 
      - "SHOW_ADMIN_DETAILS=False" 
      - "ENABLE_MODEL_CHANGES=False" 
      - "ENABLE_PERSISTENT_CONFIG=False"
      - "ENABLE_COMMUNITY_SHARING=False"
    extra_hosts:
      - "host.docker.internal:host-gateway"
    volumes:
      - open-webui-data:/app/backend/data
    restart: always

volumes:
  open-webui-data:

docker compose up -d

相關指令
docker stop open-webui
docker rm open-webui
docker volume rm open-webui
docker volume rm docker_open-webui-data
docker volume rm open-webui-data
docker stop nginx-proxy;docker rm nginx-proxy

Shorewall Hairpin NAT 或 NAT Loopback 設定方式

fw  eth0:192.168.119.253/24
ap  eth2:192.168.119.231/24:3142

編輯 /etc/shorewall/interfaces
增加 內網介面  routeback 選項( Shorewall 會丟棄在同一個介面「進又出」的封包)
loc             eth2                    dhcp,routeback

編輯 /etc/shorewall/snat  (偽裝來源，讓伺服器以為是「防火牆」在找它)
SNAT(192.168.119.253)   192.168.119.0/24 eth2 tcp 3142 -

編輯/etc/shoreall/rule (定義轉發：當內網存取fw ，目標轉向伺服器)
DNAT:NFLOG(4) loc    loc:192.168.119.231 tcp 3142 - -

LEAF 關機前搬移 LOG 至封存目錄

# !/bin/sh
# /root/stoplog.sh

f=stoplog$(date +%Y%m%d-%H%M%S).tar.gz
mount /dev/vda /mnt
tar czvf /mnt/archive/$f /var/log
umount /mnt

設定方式
編輯  /etc/default/local.stop
## Commands that will be executed at the beginning of shutdown
#

/root/archivelog.sh
/root/stoplog.sh

取代 netstat-nat 指令

[ -f /proc/net/nf_conntrack ]&& cat  /proc/net/nf_conntrack
[ -f /proc/net/ip_conntrack ]&& cat /proc/net/ip_conntrack

相關模組
nf_conntrack
ip_conntrack (2.6.24 核心之前)

查詢目前連線數：
cat /proc/sys/net/netfilter/nf_conntrack_count

查看連線數上限：
sysctl net.netfilter.nf_conntrack_max

LEAF 定期搬移 LOG 至 封存目錄

#!/bin/sh
# /root/archivelog.sh
# move log to archive
#:> /var/log/conntrackd.log;

date >/tmp/archive.sh.run
echo $$>>/tmp/archive.sh.run

ADEV=/dev/vda
AMNT=/mnta
ADIR=${AMNT}/archive
LOGDIR=/var/log

Exit_safely (){ umount -f ${AMNT};  rmdir ${AMNT}; }

/usr/bin/logrotate

[ -d $AMNT ]||mkdir -p $AMNT
mount |grep ${AMNT}
[ $? -gt 0 ]&&{ mount $ADEV $AMNT && trap Exit_safely EXIT|| exit 1; }

# echo mount archive directory  ${ADEV} ${AMNT} 

[ -d ${ADIR} ]||mkdir -p ${ADIR}

for i in $LOGDIR/*.gz;do [ -f "$i" ]||exit;done

for i in $LOGDIR/*.gz;do
t=$(basename $i);t=${t%.gz}-$(date +%Y%m%d_%H%M%S).gz;echo $i $t;mv $i ${ADIR}/$t;
done

執行方式
編輯 /etc/crontab
0 *     * * *   root    /root/archivelog.sh

Dnsmasq DNS 查詢增加黑名單

 #!/bin/sh
# adblockMY.sh 

urls="donate.ssl.xmrig.com "

conf=/etc/dnsmasq.d/adblockMY.conf
for url in $urls;do echo server=/${url}/;done >${conf};

/etc/init.d/dnsmasq restart
leaf119x# 

Dnsmasq DNS 查詢增加黑名單 (pgl.yoyo.org)

#!/bin/sh
# adblock.sh

url=https://pgl.yoyo.org/as/serverlist.php?hostformat=dnsmasq-server;showintro=0

conf=/etc/dnsmasq.d/adblock.conf

tmp=${conf}.tmp

wget --no-check-certificate "${url}" -q -O ${tmp}

[ $? -gt 0 ]&&exit $?;

cat ${tmp}|grep server= >${conf} 

[ -f "${tmp}" ]&&rm ${tmp};

dnsmasq -C ${conf} --test && /etc/init.d/dnsmasq restart || rm ${conf}; 

Dnsmasq DNS 查詢增加黑名單 (filter.futa.gg)

 #!/bin/sh
# adblockFutaGuard.sh 
# https://github.com/FutaGuard/LowTechFilter?tab=readme-ov-file

#
urls="https://filter.futa.gg/hosts_domains.txt"
urls="$urls https://filter.futa.gg/TW165_domains.txt"
urls="$urls https://filter.futa.gg/TWNIC-RPZ_domains.txt"
urls="$urls https://filter.futa.gg/nofarm_domains.txt"
urls="$urls https://filter.futa.gg/nrd/past-01day_domains.txt"

for url in $urls;do
conf=/etc/dnsmasq.d/adblock$(basename $url|awk -F . '{print $1}').conf
tmp=${conf}.tmp
wget --no-check-certificate "${url}" -q -O ${tmp}
[ $? -gt 0 ]&& { [ -f "${tmp}" ]&&rm ${tmp}; continue; };                                                

cat ${tmp}|awk '{print "server=/"$1"/"}' >${conf}
[ -f "${tmp}" ]&&rm $tmp;
dnsmasq -C ${conf} --test || rm ${conf};
done

/etc/init.d/dnsmasq restart; 

使用 /proc 取得 ip address

 cat /proc/net/fib_trie

LEAF 7.x 預設設定

#修改 /etc/crontab
cat >>/etc/crontab <<'EOF'
*/20 *     * * *   root    /root/marklog.sh
0    *     * * *   root    /root/archivelog.sh
EOF

#修改 /etc/default/local.stop 
cat >>/etc/default/local.stop  <<'EOF'
/root/marklog.sh
/root/archivelog.sh
EOF

#新增 /root/marklog.sh 
cat >/root/marklog.sh <<'EOF'
#!/bin/sh
_log=/var/log/shorewall.log
_xx=$(date +"%Y-%m-%d %H:%M:%S");
echo "### MARK ${_xx}" >>${_log}
EOF

#新增 /root/archivelog.sh
cat >/root/archivelog.sh  <<'EOF'
#!/bin/sh
#:> /var/log/conntrackd.log;
date >/tmp/archive.sh.run
echo $$>>/tmp/archive.sh.run

ADEV=/dev/vda
AMNT=/mnta
ADIR=${AMNT}/archive
LOGDIR=/var/log

Exit_safely (){ umount -f ${AMNT};  rmdir ${AMNT}; }

/usr/bin/logrotate
[ -d $AMNT ]||mkdir -p $AMNT
mount |grep ${AMNT}
[ $? -gt 0 ]&&{ mount $ADEV $AMNT && trap Exit_safely EXIT|| exit 1; }

echo aaa
[ -d ${ADIR} ]||mkdir -p ${ADIR}
for i in $LOGDIR/*.gz;do [ -f "$i" ]||exit;done

for i in $LOGDIR/*.gz;do
t=$(basename $i)
t=${t%.gz}-$(date +%Y%m%d_%H%M%S).gz
echo $i $t
mv $i ${ADIR}/$t
done
EOF

TiddlyWiki 輸入 --

 ``--ab ``

&#45;&#45;ab

Proxmox VE 選擇開機 Kernel

查看所有可用的核心版本
proxmox-boot-tool kernel list 

系統自動載入特定版本
proxmox-boot-tool kernel pin 6.5.11-8-pve

換回最新版本
proxmox-boot-tool kernel unpin

Debian 13 安裝 QNAP Qfinder

sudo apt update
sudo apt install wget gdebi-core libglib2.0-0 libnss3 libatk1.0-0 libcups2 libdrm2 libgbm1 zenity

更改 Samba AD DNS Forward

編輯 /etc/samba/smb.conf

[global]
        dns forwarder = 192.168.1.1

Debian 13 安裝 Samba 升級 DC 建立網域

安裝軟體
apt install -y sudo
apt install -y samba-ad-dc winbind libpam-winbind libnss-winbind
apt install -y acl attr samba samba-dsdb-modules samba-vfs-modules winbind libpam-winbind libnss-winbind libpam-krb5 krb5-config krb5-user dnsutils net-tools

apt install samba krb5-config winbind smbclient -y
apt install ldb-tools  -y

systemctl stop smbd nmbd winbind
systemctl disable smbd nmbd winbind
systemctl mask smbd nmbd winbind

升級 Domain Controller
mv /etc/samba/smb.conf /etc/samba/smb.conf.ori
samba-tool domain provision --use-rfc2307 --interactive

mv /etc/krb5.conf /etc/krb5.conf.ori
ln -s /var/lib/samba/private/krb5.conf /etc/krb5.conf   

systemctl start samba-ad-dc

測試
smbclient -L localhost -U%
samba-tool domain level show

Debian 13 安裝 R-Studio

apt install -y r-base
apt install -y libclang-dev 

wget https://download1.rstudio.org/electron/jammy/amd64/rstudio-2026.01.1-403-amd64.deb
dpkg -i rstudio-2026.01.1-403-amd64.deb

Proxmox VE 更新 網路設定異常

WARN: missing 'source /etc/network/interfaces.d/sdn' directive for SDN support!
TASK WARNINGS: 1

編輯 /etc/network/interfaces 末端加入
source /etc/network/interfaces.d/*

Debian 13 lastlog / lastb

Debian 13 (Trixie)  lastlog 被 lastlog2 替代

安裝
sudo apt update;apt install lastlog2 libpam-lastlog2
reboot

# 查詢
lastlog2

相關工具
lastb 由 lslogins --failed 取代

NFS Client 錯誤訊息

open pipe file /run/rpc_pipefs/nfs/blocklayout failed: No such file or directory

停用不必要的 pNFS 服務，一般的 NFS 掛載（非高效能並行檔案系統），關閉這個報錯的服務，不會影響正常的 NFS 掛載

systemctl stop nfs-blkmap
systemctl disable nfs-blkmap
systemctl mask nfs-blkmap

Debian 13 安裝 Proxmox Datacenter Manager

編輯 /etc/apt/sources.list.d/debian.sources 內容如下
Types: deb
URIs: http://deb.debian.org/debian/
Suites: trixie trixie-updates
Components: main contrib non-free-firmware
Signed-By: /usr/share/keyrings/debian-archive-keyring.gpg

Types: deb
URIs: http://security.debian.org/debian-security/
Suites: trixie-security
Components: main contrib non-free-firmware
Signed-By: /usr/share/keyrings/debian-archive-keyring.gpg

設定 Repositories
cat <<EOF >/etc/apt/sources.list.d/proxmox.sources
Types: deb
URIs: http://download.proxmox.com/debian/pdm
Suites: trixie
Components: pdm-no-subscription
Signed-By: /usr/share/keyrings/proxmox-archive-keyring.gpg
EOF

設定 簽章金鑰
wget https://enterprise.proxmox.com/debian/proxmox-archive-keyring-trixie.gpg -O /usr/share/keyrings/proxmox-archive-keyring.gpg

安裝軟體
apt update
apt install proxmox-datacenter-manager proxmox-datacenter-manager-ui

Quanta IX8D 摘要

Quanta IX8D - 48x25G SFP 8x100G QSFP, Runtime Code 22.06, Linux 4.14.4, 2017.11.00.12
Machine Type   Quanta IX8D - 48x25G SFP 8x100G QSFP
Machine Model  IX8D
Software Version 22.06
Manufacturer Name QSMC
Software Storage mSATA
Operating System Linux 4.14.4
Network Processing Device BCM56873_A0

sudo qnos-console (admin / password)
/etc/debian_version
buster/sid

連線設定
Bps/Par/Bits       : 115200 8N1                                |
Hardware Flow Control : No                                        |
Software Flow Control : No  

Proxmox VE 8.x 安裝時螢幕黑屏

開機選項加入  nomodeset