fix

Dockerfile

@@ -8,7 +8,7 @@ RUN \
   chown -R nobody:nobody /var/cache/nginx /var/log/nginx && \
   sed -i 's/listen\s\+80;/listen 8080;/' /etc/nginx/conf.d/default.conf && \
   sed -i 's/index  index.html index.htm;/index   mdwiki.html;/' /etc/nginx/conf.d/default.conf && \
-  sed -i 's,pid\s\+/var/run/nginx.pid;,pid /tmp/nginx.pid;,' /etc/nginx/nginx.conf
+  sed -i 's,pid\s\+/run/nginx.pid;,pid /tmp/nginx.pid;,' /etc/nginx/nginx.conf
 USER nobody
 # ------------
 EXPOSE 8080

content/keys.md

@@ -11,6 +11,5 @@
 * [`082071E0415E0A2D87A2385B5159E88B93B67538`](/static/082071E0415E0A2D87A2385B5159E88B93B67538.txt)
 * [`7B5C0BB6AFCADDC8E3435746B76E53073EE19643`](/static/7B5C0BB6AFCADDC8E3435746B76E53073EE19643.txt)
 * [`90E1D1E935FC6AB94444B15B18FDFA577A8871AD`](/static/90E1D1E935FC6AB94444B15B18FDFA577A8871AD.txt)
-* [`BDB9F424842252FB4D8EEDDCE49AF3B9EF6DD469`](/static/BDB9F424842252FB4D8EEDDCE49AF3B9EF6DD469.txt)
-
-
+* [`BDB9F424842252FB4D8EEDDCE49AF3B9EF6DD469`](/static/BDB9F424842252FB4D8EEDDCE49AF3B9EF6DD469.txt) (Dell Laptop, USB-A nano)
+* [`F53691B26F457823DF3E954BB3E461281CF3CE5D`](/static/F53691B26F457823DF3E954BB3E461281CF3CE5D.txt) (Keychain, USB-C)

content/snippets/0260-administring-a-cisco-switch.md

@@ -5,6 +5,14 @@ date: 2025-04-17
 
 # Administring a Cisco Switch - Basics for the Homelab Usage
 
+## Connecting to the Switch
+
+Only quite old ssh parameters are supported:
+
+```
+ssh -oKexAlgorithms=+diffie-hellman-group14-sha1 -oHostKeyAlgorithms=+ssh-rsa admin@192.168.2.1
+```
+
 ## Saving the Configuration
 
 Never forget, otherwise after reboot changes are gone!
@@ -33,19 +41,39 @@ exit
 exit
 ```
 
-The first `exit` leaves the interface, the second `exit` leaves the config session.
+The first `exit` leaves the VLAN, the second `exit` leaves the config session.
 
-If the VLAN should be used for management purposes it needs an IP address:
+If the VLAN should be used for management purposes additionally an interface for this VLAN is required with an IP address:
 
 ```
 configure terminal
 vlan 2000
 name vlan2000
+exit
+
+interface vlan 2000
 ip address dhcp
 exit
+
 exit
 ```
 
+or
+
+```
+configure terminal
+vlan 2000
+name vlan2000
+exit
+
+interface vlan 2000
+ip address 192.168.88.3 255.255.255.0
+exit
+
+ip default-gateway 192.168.88.1
+
+exit
+```
 
 Check your work:
 
@@ -94,3 +122,56 @@ exit
 `native` makes the VLAN untagged on that port.
 
 
+### SSH access and hardening measures
+
+First of all, the switch needs to know about time and requires a name:
+
+About time:
+```
+configure terminal
+ntp server de.pool.ntp.org
+clock timezone Etc/Utc
+exit
+```
+
+About names:
+```
+configure terminal
+hostname switch01
+ip domain-name mynetwork.intern
+exit
+```
+
+An user is required:
+```
+configure terminal
+username admin password geheim123
+exit
+```
+
+A host key must be generated:
+```
+crypto key generate rsa
+```
+This command will ask for the key length. Select 2048 bits.
+
+Set the SSH version:
+```
+ip ssh version 2
+```
+
+Configure the virtual terminals accordingly:
+```
+configure terminal
+line vty 0 15
+transport input ssh
+login local
+exit
+```
+
+As mentioned about, the switches support only quite old SSH protocols, so to access it use on the client side:
+```
+ssh -oKexAlgorithms=+diffie-hellman-group14-sha1 -oHostKeyAlgorithms=+ssh-rsa admin@192.168.2.1
+```
+
+

content/snippets/0270-docker-on-apple-silicon.md

@@ -0,0 +1,73 @@
+<!--
+title: Docker on Apple Silicon
+date: 2025-05-12
+-->
+
+# Docker on Apple Silicon - without longrunning background processes and without Rosetta
+
+Docker itself comes with some background processes. Fine for servers, which only exists to run the containers all the time, disadvantageous for a laptop where you run a container only now and then. ChatGPT proposed `podman` and `finch` and as I already heard and read about `podman` I tried it first.
+
+## podman
+
+```
+brew install podman
+```
+
+Afterwards,
+
+```
+podman machine init
+podman machine start
+```
+
+is required to start a VM to run containers within. However,, while the init command directly worked, when issueing the start command I was demanded to install Rosetta. I don't want.
+
+So
+
+```
+podman machine rm
+brew uninstall podman
+```
+
+
+## finch
+
+This is a open source product of AWS: [https://aws.amazon.com/de/blogs/opensource/introducing-finch-an-open-source-client-for-container-development/](https://aws.amazon.com/de/blogs/opensource/introducing-finch-an-open-source-client-for-container-development/).
+
+```
+brew install finch
+```
+
+Here also
+
+```
+finch vm init
+finch vm stop
+```
+
+is required and afterwards containers can be executed:
+
+```
+finch run -it ubuntu bash
+```
+
+It appears, that the commandline interface of `finch` it compatible with the one of `docker`, at least I haven't found any flaws yet. Since, I usually have full docker commandline in my notes I created an alias:
+
+```
+alias docker="echo -e '\033[1;31m>>> REMEMBER: docker is finch here <<<\033[0m' && finch"
+```
+
+Using this alias (I've it in my `.bashrc`) I can call `docker` and `finch` is executed, with a big reminder that it actually is `finch`.
+
+As soon as I don't need to run containers anymore, I can call
+
+```
+finch vm stop
+```
+
+and no process remains running. Fine.
+
+
+
+
+

content/static/F53691B26F457823DF3E954BB3E461281CF3CE5D.txt

@@ -0,0 +1,18 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+mDMEZ+PYvBYJKwYBBAHaRw8BAQdAny08AcNHckbQ9+4yeP96NingMGoAnEFv//D7
+38R0aI+0JVdvbGZnYW5nIEhvdHRnZW5yb3RoIDx3b2hvQGhvdHRpcy5kZT6IkwQT
+FgoAOxYhBPU2kbJvRXgj3z6VS7PkYSgc885dBQJn49i8AhsDBQsJCAcCAiICBhUK
+CQgLAgQWAgMBAh4HAheAAAoJELPkYSgc885duXMBAOljrLHAVWR2M/4d7XiTYEDR
+LxyXkv0I3pKWyWf0+lKBAP9Nnlwqyi9IZGJgg4KDCDrvmwBWT/cs0AMzZyTo0IGS
+DrgzBGfj2LwWCSsGAQQB2kcPAQEHQPJB1WXrw8nMK+L09KAoDVZQ7t5UzLII1+6h
+xXDQnBh0iHgEGBYKACAWIQT1NpGyb0V4I98+lUuz5GEoHPPOXQUCZ+PYvAIbIAAK
+CRCz5GEoHPPOXbPHAQDKQLK3rFBj/i3KCcXNsSUyfgTlRpOyzh7NKJZNFGaRJQEA
+4Y8xDsiQV1Csw4LMzX46bXhuOlp+hMNUWcZ1nw5iCA64OARn49i8EgorBgEEAZdV
+AQUBAQdAtT+gDuinLXcJrlgODh1HZSOaMg65utHTZp41HMyzOXwDAQgHiHgEGBYK
+ACAWIQT1NpGyb0V4I98+lUuz5GEoHPPOXQUCZ+PYvAIbDAAKCRCz5GEoHPPOXWdn
+AQCuhYJ5PNQcYrtq0kRChO+FTwy1AGvln+Zjrm/1YUox9gD/dnwHgzZThnNQtufy
+uFWsbiylLFtWTSZ5gWpU2N7T1A4=
+=XfK5
+-----END PGP PUBLIC KEY BLOCK-----
+

content/static/mysshkeys.txt

@@ -6,3 +6,4 @@ ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDgWpTiwD2v1PIfgEMB6/BjPhevD2pV6I7l6U08ESXc
 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDA76VvXrpw03opLO6nWnY+hOsxUkba1uDl8CRG6JXlEtC4DvNaejJ2jnaa2kLD4M9a+3H2tXmmZlOm8UzdFQNcRJCkmAsapuedb5gI12w4G7O8aCPJftsQlO/ICojjsFj0OIDzxHWIMOMmJN9u4+FQdaiif6nUbVRmpTFS0oEX6niLqgKOMqp4a/+bD4IJpdLj6kEBnw0PFS+16p6S2BRIN8W/brOngvu/5RdmEN3bvco/H476OfGYU40IZW5JBl5uJd/qXqZ7GVW9YVnCFfpJQVvRT4fi2AmCrSHngsuRXzID+JxYtC+8Emw2AREKSFKG7H+iOdF7k92TL0JZmDU0JBzWd0/NJ4C+J5Hz4JDb62KVURglDcUhAy8WqHHmut919xjUCRuqjymEqr9WizQW21HPhIm3E7EjVz4id/lX97Vjy+qYIFIZtc7nDup1VSO4Rqt/1eQM96IVe0nxA0jGTCGouXcemdzxNtBck4grl8LmKACymFKxalB7q9RT9Ji6DCTs4oAi7r5lKd9h5zfXQMbK8H/TEDO5bP4coARQiAXbpOGgzmx7teTe7B/VP1mXUAFloA6uQmqlC3bcTp2TiwSrIS0y/YJBVPS3pIeC+iANvYBkVe93/VTIyH6+Zc4afM85YcPCd7p+NlMqvsKpPkIyBpGrlvB6GE9Kcgg/Fw== openpgp:0x8C28C039
 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC+9wuMSMxDylwcKNJzr8Z+HkyuuxEi1MKiV9lEDD4o4FuCuo3COqfhxl4hx2+B8e2hPiCUmEhNhRDIQZ25JS+LEywOdDUAqODNnrD0Tc8ueb6zI9MEqwg4mHa+F6LoJJLfNBX1BSdDgg5AVZpH5wu5n6f6YAhPo+ZbzEmObNt/38PcZsl2FO5q0lNpf0phGowDze8oteuATc21tM96K+1CYony5rzDtB2J6554WlRltNufzH4UcUUBvOceiqKu6n/KhkTuVFq76Wp3ERstF0TGMP7M5jEB58cI1hdhfEiC/GL3WIwpbhMAMsrFZrFlJJiDdivvqBnWDPxjfaRLKPEtXryyQ5NPuvN27TpjiQGvLVqskFbPmkaVH5iI4F835g2xrk+qKKQGRTNNh0rVHPqCCPSvYvS/7cRkrfepB2V1bYGAdMHdF6NvJpe9VqWb5lcl3uJxcLQY4evvv+53HLVPAz2DIjr/IF/8mmoHLvdxHlihHmCDlem7Yg4NIWFrl8v48uEHCbaBxtGU+aWbleE0Lr3Lo1OqoqMyAyBMQSl11WfOgq4PELK39OEkJipCAvMFI/FSc9plVSmaHWMuJzGsHCsrBPWnD/CS/G38LLaxgg1mXNt6GHLmDwrWw38PTbN0sNtXm80x5ReVjpvvVooIUZerYJ18sb8bOZ7O2jLE5w== openpgp:0x591AFDCE
 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDWP/CfohVMxpsuryOPwh5F0o6TNret5patWZTF3hstZop5/ghlDO8vm5LRg2/a6VrP1e0rOnU24tGjO6VlhZguWfz7ixQAHx7AbjllnD+NIY5nKXSk6RtKk2D42NzO9c8XDbReaVYfd91UNswxe6SpAPw6SuKaMY/zL7as2qYpBsFdrr1oyKbgZMI2yPRJloJjklqlznJcUC4SzEaxtVSnZRIUdx3ANLzt5xNxWhYZ7048oGen4cRfiOtiTypW5uAOwovQulJVtpavo2GTD9sSpnFF9UQhgRkqT+oFRgHQnnOHUqazLsc4uRv0h6/6wSBl9SkKys33x0Zxl1zpxM+0iJDFVnn8HnXLvuRLMCXAg9QWCmKkrQJ/SFU213Qg21O62Nbet6bRfFGz+uz0+9GeMaARmhPbxEGEgqBrscaadeO+JRWntEcoULupKsU0Mc77/DX3UfEYGUgvA8FIFTgpiPnOuGI2K/6kP/QLMqZzLXRAgYO4U+vyOniPy9kHadQ9ZEuCX5inhZhOFi5v/ofI7532skXktbbm1ue46j+7xGHSVcoeuz02dZNtnLZP36vCCi8UkE3CAvuU0hLa/ZBeos6M3GNogdIQ+pzesZ6htQhZcGUR7XHmrFLDwAwV4JTJUfXZ5nMwm78+Oh1CptLyH7Ww4z/k3an8caggxP2+QQ== openpgp:0xCD137F0B
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPJB1WXrw8nMK+L09KAoDVZQ7t5UzLII1+6hxXDQnBh0 openpgp:0x27A0A980