Update all code blocks

2021-02-20 15:06:15 +09:00 · 2021-02-20 15:06:15 +09:00 · 1d67e73eff
parent 5bd12c70c7
commit 1d67e73eff
14 changed files with 237 additions and 246 deletions
--- a/docs/CV/CV.md
+++ b/docs/CV/CV.md
@ -6,7 +6,7 @@ hide:
 [PDF version](CV.pdf)
-```
+```console
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: THIS RESUME IS SO GEEK!!!11   @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
--- a/docs/Howtos/HowtoCentOS.md
+++ b/docs/Howtos/HowtoCentOS.md
@ -2,14 +2,14 @@
 Upgrade from 8 to Stream.
-```
+```console
-dnf install centos-release-stream && dnf update
+# dnf install centos-release-stream && dnf update
 ```
 Exclude path when unpacking package. Useful for unprivileged containers.
 ```console
 # dnf reinstall --downloadonly filesystem
 # find /var/cache -iname "*filesy*"
 # rpm -ivh --excludepath=/proc --excludepath=/sys /var/cache/dnf/baseos-504ddb1bf3482a98/packages/filesystem-3.8-3.el8.x86_64.rpm
 ```
 dnf reinstall --downloadonly filesystem
 find /var/cache -iname "*filesy*"
 rpm -ivh --excludepath=/proc --excludepath=/sys /var/cache/dnf/baseos-504ddb1bf3482a98/packages/filesystem-3.8-3.el8.x86_64.rpm
 ```
--- a/docs/Howtos/HowtoCrackWPA.md
+++ b/docs/Howtos/HowtoCrackWPA.md
@ -1,31 +1,31 @@
 ## Monitor mode
 For my RTL8188EUS:
-```
+```console
-ip link set wlanX down
+# ip link set wlanX down
-iw dev wlanX set type monitor
+# iw dev wlanX set type monitor
 ```
 ## Scan networks
 All channels:
-```
+```console
-airodump-ng wlanX
+# airodump-ng wlanX
 ```
 Specific channel:
-```
+```console
-airodump-ng -c 6 wlanX
+# airodump-ng -c 6 wlanX
 ```
 ## Save a capture of chosen BSSID
-```
+```console
-airodump-ng -c 6 --bssid 00:23:B1:82:08:xx -w <filename> wlanX
+# airodump-ng -c 6 --bssid 00:23:B1:82:08:xx -w <filename> wlanX
 ```
 You need to wait for a client to connect, or to deauth it and get the 4-way handshake.
-```
+```console
-aireplay-ng -0 1 -a 00:23:B1:82:0C:xx -c D0:37:45:2F:52:xx wlanX
+# aireplay-ng -0 1 -a 00:23:B1:82:0C:xx -c D0:37:45:2F:52:xx wlanX
 ```
 `-a` is access point  
 `-c` is client  
@ -36,8 +36,8 @@ Then you should have an EAPOL/WPA handshake.
 ### For a 8 digits scheme
-```
+```console
-crunch 8 8 0123456789 -s 00000000 | aircrack-ng -w - -b 00:23:B1:82:08:xx <filename>.cap
+$ crunch 8 8 0123456789 -s 00000000 | aircrack-ng -w - -b 00:23:B1:82:08:xx <filename>.cap
 ```
 ## Wireshark
@ -46,8 +46,8 @@ PSK Generator: <https://www.wireshark.org/tools/wpa-psk.html>
 ## PMKID method
-```
+```console
-hcxdumptool -i wlanX -o PMKID --enable_status=1
+$ hcxdumptool -i wlanX -o PMKID --enable_status=1
 ```
 TODO...
@ -56,8 +56,8 @@ TODO...
 AP must have WPS enabled with a PIN. Not PBC, push button.
-```
+```console
-reaver -i wlanX -b 00:23:B1:82:84:xx
+# reaver -i wlanX -b 00:23:B1:82:84:xx
 ```
 ## Resources
--- a/docs/Howtos/HowtoEncoding.md
+++ b/docs/Howtos/HowtoEncoding.md
@ -1,17 +1,17 @@
-# Convert
+## Convert
-# MKV to WebM
+### MKV to WebM
-~~~
+```console
 $ ffmpeg -i input.mkv -c:v libvpx -qmin 0 -qmax 50 -crf 10 -b:v 2M -c:a libvorbis output.webm
 ~~~
 # Recording Screen
 ## Within a specified zone
 ```
 avconv -threads auto -f pulse -i bluez_sink.0C_E0_E4_81_2F_C1.monitor -ac 2 -f pulse -i alsa_input.usb-BLUE_MICROPHONE_Blue_Snowball_201306-00-Snowball.analog-mono -ac 1 -f x11grab -show_region 1 -s 1024x768 -i :0.0+112,111 -c:v libvpx -pre:v libvpx-720p -vsync cfr -r 15 -c:a libvorbis -q:a 6 -filter_complex amix=inputs=2 output.webm
 ```
-With sound from microphone and monitor of input.
+## Recording Screen
 ### Within a specified zone
 ```console
 $ avconv -threads auto -f pulse -i bluez_sink.0C_E0_E4_81_2F_C1.monitor -ac 2 -f pulse -i alsa_input.usb-BLUE_MICROPHONE_Blue_Snowball_201306-00-Snowball.analog-mono -ac 1 -f x11grab -show_region 1 -s 1024x768 -i :0.0+112,111 -c:v libvpx -pre:v libvpx-720p -vsync cfr -r 15 -c:a libvorbis -q:a 6 -filter_complex amix=inputs=2 output.webm
 ```
 With sound from microphone and monitor of input.
--- a/docs/Howtos/HowtoGPG.md
+++ b/docs/Howtos/HowtoGPG.md
@ -1,35 +1,35 @@
 # HowtoGPG
 ## Some commands:
-```
+```console
-gpg --card-status
+$ gpg --card-status
-gpg --export-ssh-key keyID
+$ gpg --export-ssh-key keyID
-gpg --armor --export keyID > pubkey.asc
+$ gpg --armor --export keyID > pubkey.asc
 ```
 ## Use Nitrokey from new system:
-```
+```console
-gpg --import pubkey.asc
+$ gpg --import pubkey.asc
-gpg --card-status
+$ gpg --card-status
 ```
 ## Use GPG Agent as SSH Agent
-```
+```console
-vim .gnupg/gpg-agent.conf
+$ vim .gnupg/gpg-agent.conf
 enable-ssh-support
 pinentry-program /usr/bin/pinentry-qt
-systemctl --user enable --now /usr/lib/systemd/user/gpg-agent*
+$ systemctl --user enable --now /usr/lib/systemd/user/gpg-agent*
-vim .bashrc
+$ vim .bashrc
 export SSH_AUTH_SOCK="/run/user/$(id -u)/gnupg/S.gpg-agent.ssh"
 ```
 ## Export your public key to your web server:
-```
+```console
 $ mkdir openpgpkey
 $ gpg --list-options show-only-fpr-mbox -k keyID | /usr/lib/gnupg/gpg-wks-client -v --install-key
 ```
@ -43,22 +43,22 @@ My public key is available via: <https://openpgpkey.benpro.fr/.well-known/openpg
 WKD mean Web Key Directory. Interesting website: <https://metacode.biz/openpgp/web-key-directory>
-```
+```console
-gpg --locate-key user@example.com
+$ gpg --locate-key user@example.com
 ```
 ### From keyserver
 #### With keys.openpgp.org
-```
+```console
-echo keyserver hkps://keys.openpgp.org >> ~/.gnupg/gpg.conf
+$ echo keyserver hkps://keys.openpgp.org >> ~/.gnupg/gpg.conf
-gpg --auto-key-locate keyserver --locate-keys user@example.com
+$ gpg --auto-key-locate keyserver --locate-keys user@example.com
 ```
 #### With sks-keyservers.net
-```
+```console
-gpg --keyserver pool.sks-keyservers.net --recv-keys keyID
+$ gpg --keyserver pool.sks-keyservers.net --recv-keys keyID
 ```
--- a/docs/Howtos/HowtoLXD.md
+++ b/docs/Howtos/HowtoLXD.md
@ -1,28 +1,28 @@
 Some commands:
-```
+```console
-lxc image alias list images:
+$ lxc image alias list images:
-lxc info <name>
+$ lxc info <name>
-lxc config edit <name>
+$ lxc config edit <name>
-lxc config sonw <name>
+$ lxc config sonw <name>
-lxc exec <name> bash
+$ lxc exec <name> bash
-lxc config set <name> limits.memory 512MB
+$ lxc config set <name> limits.memory 512MB
-lxc config set <name> limits.cpu 2
+$ lxc config set <name> limits.cpu 2
-lxc config device set <name> root size 20GB
+$ lxc config device set <name> root size 20GB
-lxc launch images:debian/stretch/amd64 <name>
+$ lxc launch images:debian/stretch/amd64 <name>
-lxc config set <name> environment.LC_ALL=en_US.UTF-8
+$ lxc config set <name> environment.LC_ALL=en_US.UTF-8
-lxc list
+$ lxc list
-lxc storage volume list <storagename>
+$ lxc storage volume list <storagename>
-# mode privileged
+$ #mode privileged
-lxc launch ubuntu:16.04 test -c security.privileged=true -c security.nesting=true
+$ lxc launch ubuntu:16.04 test -c security.privileged=true -c security.nesting=true
-lxc config device add test ssh proxy listen=tcp:0.0.0.0:2222 connect=tcp:127.0.0.1:22
+$ lxc config device add test ssh proxy listen=tcp:0.0.0.0:2222 connect=tcp:127.0.0.1:22
-# Create a backups volume in the local (default) pool (ZFS) and use it for backups
+$ #Create a backups volume in the local (default) pool (ZFS) and use it for backups
-lxc storage volume create local backups
+$ lxc storage volume create local backups
-lxc config set storage.backups_volume local/backups
+$ lxc config set storage.backups_volume local/backups
-# Create a images volume in the local (default) pool (ZFS) and use it for images (containers images downloaded)
+$ #Create a images volume in the local (default) pool (ZFS) and use it for images (containers images downloaded)
-lxc storage volume create local images
+$ lxc storage volume create local images
-lxc config set storage.images_volume local/images
+$ lxc config set storage.images_volume local/images
-lxc config device add $containerName $deviceName disk source=/home/foo path=/home/foo
+$ lxc config device add $containerName $deviceName disk source=/home/foo path=/home/foo
 ```
 Chemins :
@ -41,7 +41,7 @@ dnsutils
 N'est plus nécessaire sur les images récentes :
-```
+```console
 # systemctl disable getty@tty{1..4}
 # reboot
 ```
@ -57,17 +57,16 @@ etckeeper
 vim
 ```
-```
+```console
-sed -i 's/^tty/# tty/g' /etc/inittab
+# sed -i 's/^tty/# tty/g' /etc/inittab
-# clean messages
+# #clean messages
 rm /var/log/messages
 ```
 Nginx :
-```
+```nginx
 set_real_ip_from W.X.Y.Z;
 #real_ip_recursive on;
 real_ip_header X-Forwarded-For;
@ -79,6 +78,6 @@ access_log /var/log/nginx/access.log custom;
 Aller dans le namespace de LXD (snap0 pour faire des actions genre mount/umount :
-```
+```console
 # nsenter -t $(cat /var/snap/lxd/common/lxd.pid) -m
-```
+```
--- a/docs/Howtos/HowtoMacOS.md
+++ b/docs/Howtos/HowtoMacOS.md
@ -2,7 +2,7 @@
 Thermal info:
-```
+```console
-sudo powermetrics –s thermal
+$ sudo powermetrics –s thermal
-sudo powermetrics -s thermal | grep -A2 -i thermal
+$ sudo powermetrics -s thermal | grep -A2 -i thermal
 ```
--- a/docs/Howtos/HowtoSecureMailServer.md
+++ b/docs/Howtos/HowtoSecureMailServer.md
@ -1,8 +1,11 @@
 ---
 title: Howto Serveur de mail sécurisé avec Mailcow et Scaleway
 categories: sysadmin mail
 ---
 ???+ Danger
    Documentation obsolète !
 # Intro
 Ce Howto explique comment monter un serveur de mail sécurisé en utilisant [Mailcow](https://github.com/andryyy/mailcow) et un serveur virtuel chez [Scaleway](https://www.scaleway.com/). L'introduction est à lire sur mon [blog](https://www.lekernelpanique.fr/2017/03/05/votre-propre-serveur-de-mail-securise-pour-3emois/).
@ -15,7 +18,7 @@ La première étape consiste évidement à créer l'instance sur la console de S
 L'image Debian de Scaleway n'étant pas « buildé » tous les jours, il se peut qu'il y ait quelques mises à jour à faire. On fait donc une upgrade.
-```
+```console
 # apt update
 # apt upgrade
 ```
@ -26,7 +29,7 @@ Ce volume accueillera vos mails et journaux systèmes. Il est donc intéressant
 Création du fichier image et montage sur `/dev/loop0`.
-```
+```console
 # dd if=/dev/zero of=/var.img bs=1M count=35000
 # chmod 600 /var.img
 # losetup /dev/loop0 /var.img
@ -34,7 +37,7 @@ Création du fichier image et montage sur `/dev/loop0`.
 On en profite pour aussi créer une swap de 1G tant qu'à faire.
-```
+```console
 # dd if=/dev/zero of=/swapfile.img bs=1M count=1000
 # chmod 600 /swapfile.img
 # mkswap -LSWAP
@ -43,7 +46,7 @@ On en profite pour aussi créer une swap de 1G tant qu'à faire.
 On chiffre le volume en LUKS avec `cryptsetup`. Choisissez une passphrase, vous aller devoir la taper à chaque démarrage dans la console de Scaleway. Pas très souvent si tout est stable ! :-)
-```
+```console
 # apt install cryptsetup
 # cryptsetup luksFormat --hash sha256 --key-size=512 /dev/loop0
 # cryptsetup luksOpen /dev/loop0 crypted-var
@ -51,7 +54,7 @@ On chiffre le volume en LUKS avec `cryptsetup`. Choisissez une passphrase, vous
 On formate le tout en EXT4, on monte le volume, on stoppe les services qui utilisent actuellement `/var` et on rsync le tout.
-```
+```console
 # mkfs.ext4 -LVAR /dev/mapper/crypted-var
 # mount /dev/mapper/crypted-var /mnt/
 # for pid in $(lsof | grep /var | tr -s '\t' ' ' | cut -d' ' -f2 | sort | uniq | grep -v "^1$"); do kill $pid; done
@ -64,7 +67,7 @@ On indique le volume chiffré dans `crypttab` et le point de montage dans `fstab
 > **Note** : On désactive `unattended-upgrades` qui va planter l'arrêt à cause du /var qui n'existe plus.
-```
+```console
 # echo "crypted-var /var.img none luks" >> /etc/crypttab
 # echo "/dev/mapper/crypted-var /var ext4 defaults 0 2" >> /etc/fstab
 # systemctl disable unattended-upgrades.service
@ -89,7 +92,7 @@ Au niveau de vos entrées DNS, il vous faudra un champ A et un MX. Plus de déta
 On supprime exim4, car Mailcow utilise postfix.
-```
+```console
 # apt purge exim4 exim4-base exim4-config exim4-daemon-light
 ```
@ -97,7 +100,7 @@ On supprime exim4, car Mailcow utilise postfix.
 Puis on télécharge le script d'installation, on édite la configuration et on lance l'installation.
-```
+```console
 # wget -O - https://github.com/andryyy/mailcow/archive/v0.14.tar.gz | tar xfz -
 # cd mailcow-0.14
 # vim mailcow.config
@ -107,7 +110,7 @@ Puis on télécharge le script d'installation, on édite la configuration et on
 Laissez-vous guider par le script d'installation.
-```
+```console
 # ./install.sh
 ```
@ -125,7 +128,7 @@ Pour cela il faut mettre en place une `PKI` et émettre un certificat client. J'
 ## ShellPKI
-```
+```console
 # cd /usr/local
 # git clone https://forge.evolix.org/shellpki.git
 # cd shellpki
@ -137,20 +140,20 @@ Pour cela il faut mettre en place une `PKI` et émettre un certificat client. J'
 Éditer `/etc/shellpki/openssl.cnf` et initialiser shellPKI. Le plus important est de remplir le « Common Name », par exemple `Myname Root Certificate`.
-```
+```console
 # vim /etc/shellpki/openssl.cnf
 # ./shellpki.sh init
 ```
 On génère un certificat client (sans passphrase), soit un utilisateur par exemple. Il faudra choisir un « Common Name » du type `user@domain.tld`.
-```
+```console
 # ./shellpki.sh create
 ```
 Puis on le convertit au format `PKCS#12` avec une passphrase d'export. Cette passphrase sera demandé à l'import dans un navigateur ou smartphone par exemple.
-```
+```console
 # cd /etc/ssl/clients
 # openssl pkcs12 -export -in user@mail.domain.tld.crt -inkey user@mail.domain.tld.key -out user@mail.domain.tld.p12
 ```
@ -161,12 +164,12 @@ La dernière étape consiste à dire à dovecot et nginx qu'il est nécessaire d
 ## Nginx
-```
+```nginx
 ssl_client_certificate /etc/shellpki/ca/cacert.pem;
 ssl_verify_client on;
 ```
-```
+```console
 # systemctl restart nginx
 ```
@ -174,7 +177,7 @@ ssl_verify_client on;
 > **Note** : Attention, si vous avez un webmail qui se connecte en local, imap non chiffré, l'activation de `auth_ssl_require_client_cert`, va imposer d'utiliser un certificat… Cassant votre webmail. Il n'y a pas à ce jour la possibilité d'activer `auth_ssl_require_client_cert` seulement pour imaps… Si vous utilisez un webmail, n'activez pas ceci sur dovecot.
-```
+```dovecot
 # Client certificate
 ssl_ca = </etc/shellpki/ca/cacert.pem
 ssl_verify_client_cert = yes
@ -187,7 +190,7 @@ protocol !smtp {
 }
 ```
-```
+```console
 # systemctl restart dovecot.service
 ```
@ -197,8 +200,8 @@ Vous devez maintenant faire le nécessaire côté client (Thunderbird, K9-Mail
 Voici une liste de tâches non exhaustives à faire de votre côté que je ne documente pas, non obligatoire mais conseillé…
- Monter un serveur de MX secondaire ;
+- [ ] Monter un serveur de MX secondaire ;
- Activer un pare-feu sur votre machine, par exemple `ufw` ;
+- [ ] Activer un pare-feu sur votre machine, par exemple `ufw` ;
- Monitorer votre serveur ;
+- [ ] Monitorer votre serveur ;
- S'assurer du suivi des mises à jour ;
+- [ ] S'assurer du suivi des mises à jour ;
- Faire des sauvegardes.
+- [ ] Faire des sauvegardes.
--- a/docs/Howtos/HowtoSysadmin.md
+++ b/docs/Howtos/HowtoSysadmin.md
@ -1,152 +1,152 @@
 Get Github or Gitlab user key:
-```
+```console
-curl https://github.com/<username>.keys
+$ curl https://github.com/<username>.keys
-curl https://gitlab.com/<username>.keys
+$ curl https://gitlab.com/<username>.keys
 ```
 Enter a namespace, for example LXD (which is in a NS by Snap).
-```
+```console
-nsenter -t $(cat /var/snap/lxd/common/lxd.pid) -m
+$ nsenter -t $(cat /var/snap/lxd/common/lxd.pid) -m
 ```
 SSH into a machine without checking host key. Useful when servers are in a rescue mode.
-~~~
+```console
-ssh -o "UserKnownHostsFile=/dev/null" -o "StrictHostKeyChecking=no" -o "GlobalKnownHostsFile=/dev/null"
+$ ssh -o "UserKnownHostsFile=/dev/null" -o "StrictHostKeyChecking=no" -o "GlobalKnownHostsFile=/dev/null"
-~~~
+```
 Certbot manual example.
-~~~
+```console
-certbot certonly --non-interactive --webroot --webroot-path /var/www/html/ -d foo.bar -d www.foo.bar
+# certbot certonly --non-interactive --webroot --webroot-path /var/www/html/ -d foo.bar -d www.foo.bar
-~~~
+```
 GPG-agent list SSH key and remove.
-~~~
+```
 gpg-connect-agent
 KEYINFO --ssh-list --ssh-fpr
 DELETE_KEY $HASH
-~~~
+```
 Show md5 fingerprint of SSH key.
-~~~
+```console
-ssh-keygen -l -E md5 -f .ssh/key.pub
+$ ssh-keygen -l -E md5 -f .ssh/key.pub
-~~~
+```
 Password recovery. At grub stage, press `e` to edit the kernel line and add `init=/bin/bash`. It will drop you in a shell before init system (systemd).
-~~~
+```console
-mount -o remount,rw /
+# mount -o remount,rw /
-passwd
+# passwd
-~~~
+```
 Mount partitions on an image file using losetup.
-~~~
+```console
-losetup -P -f --show my.img
+# losetup -P -f --show my.img
-~~~
+```
 List all software installed from particular component (non-free, contrib)
-~~~
+```console
 $ dpkg-query -W -f='${Section}\t${Package}\n' | grep ^non-free
-~~~
+```
 Manually rotate a file without logrotate, with savelog(8).
-~~~
+```console
 $ savelog
-~~~
+```
 What processes uses swap?
-~~~
+```console
-for file in /proc/*/status ; do awk '/VmSwap|Name/{printf $2 " " $3}END{ print ""}' $file; done | sort -k 2 -n -r | less
+$ for file in /proc/*/status ; do awk '/VmSwap|Name/{printf $2 " " $3}END{ print ""}' $file; done | sort -k 2 -n -r | less
-~~~
+```
 MySQL "fast" shutdown.
-~~~
+```console
 > set global innodb_max_dirty_pages_pct = 0;
 $ mysqladmin ext -i10 | grep dirty
-~~~
+```
 mkfs.ext4 for old systems in rescue mode (Debian Wheezy, …).
-~~~
+```console
-mkfs.ext4 -O ^64bit,^metadata_csum
+# mkfs.ext4 -O ^64bit,^metadata_csum
-~~~
+```
 Send a mail from queue.
-```
+```console
-postcat -q ID > mail
+$ postcat -q ID > mail
-< mail sendmail -f FROM TO
+$ < mail sendmail -f FROM TO
 ```
 Python Simple HTTP Server (useful for Munin for example).
-```
+```console
-cd /var/cache/munin/www
+$ cd /var/cache/munin/www
-python -m SimpleHTTPServer 8080
+$ python -m SimpleHTTPServer 8080
 ```
 Show custom certs (not a link) and expiration in `/etc/ssl/certs`.
-```
+```console
-find /etc/ssl/certs/ -type f -print -exec openssl x509 -text -in {} \; | grep --color=auto -e etc -e CN= -e DNS: -e After;
+# find /etc/ssl/certs/ -type f -print -exec openssl x509 -text -in {} \; | grep --color=auto -e etc -e CN= -e DNS: -e After;
 ```
 Edit Bind DNS serial (needs modifications, not generic).
-```
+```console
-sed -ri 's/^\s*[0-9]+\s*; serial/\t\t\t 2017041010\t ; serial/' db.*
+$ sed -ri 's/^\s*[0-9]+\s*; serial/\t\t\t 2017041010\t ; serial/' db.*
 ```
 After Debian/Ubuntu upgrade, merge local config files according to config files shipped in packages.
-```
+```console
-for file in $(find /etc -iname '*.dpkg-dist'); do vimdiff ${file%%.dpkg-dist} $file; rm $file; done
+# for file in $(find /etc -iname '*.dpkg-dist'); do vimdiff ${file%%.dpkg-dist} $file; rm $file; done
-for file in $(find /etc -iname '*.dpkg-old'); do vimdiff ${file%%.dpkg-old} $file; rm $file; done
+# for file in $(find /etc -iname '*.dpkg-old'); do vimdiff ${file%%.dpkg-old} $file; rm $file; done
-for file in $(find /etc -iname '*.dpkg-new'); do vimdiff ${file%%.dpkg-new} $file; rm $file; done
+# for file in $(find /etc -iname '*.dpkg-new'); do vimdiff ${file%%.dpkg-new} $file; rm $file; done
-for file in $(find /etc -iname '*.ucf-dist'); do vimdiff ${file%%.ucf-dist} $file; rm $file; done
+# for file in $(find /etc -iname '*.ucf-dist'); do vimdiff ${file%%.ucf-dist} $file; rm $file; done
-for file in $(find /etc -iname '*.ucf-old'); do vimdiff ${file%%.ucf-old} $file; rm $file; done
+# for file in $(find /etc -iname '*.ucf-old'); do vimdiff ${file%%.ucf-old} $file; rm $file; done
-for file in $(find /etc -iname '*.ucf-new'); do vimdiff ${file%%.ucf-new} $file; rm $file; done
+# for file in $(find /etc -iname '*.ucf-new'); do vimdiff ${file%%.ucf-new} $file; rm $file; done
 ```
 Debug php with strace and php-cgi (especially useful for wp multisites).
-```
+```console
-HTTP_HOST=www.site.com SCRIPT_FILENAME=index.php REDIRECT_STATUS=CGI SERVER_NAME=www.site.com strace -s 65535 -o /tmp/strace php-cgi -f index.php
+$ HTTP_HOST=www.site.com SCRIPT_FILENAME=index.php REDIRECT_STATUS=CGI SERVER_NAME=www.site.com strace -s 65535 -o /tmp/strace php-cgi -f index.php
 ```
-```ps``` with long user fields (here 20).
+`ps` with long user fields (here 20).
-```
+```console
-ps axo user:20,pid,pcpu,pmem,vsz,rss,tty,stat,start,time,comm
+$ ps axo user:20,pid,pcpu,pmem,vsz,rss,tty,stat,start,time,comm
 ```
 WTF is happening in apache (or other)? Let's strace all apache processes.  
-```
+```console
 # strace -p $(ps auwwwx | grep apache | tr -s '\t' ' ' | cut -d' ' -f2 | tr '\n' ' ' | sed 's/ / -p /g') 9999
 ```
 WTF is happening? Let's tail all logs.
-```
+```console
 # tail -f $(lsof | grep -F .log | tr -s '\t' ' ' | cut -d' ' -f10 | sort | uniq | tr -s '\n' ' ') 
 ```
 Search for suspects POST in apache.log (often attacks).  
-```{.bash}
+```console
-grep -Eo '"POST .*.php' access.log | grep -ve cron -e login -e admin -e xmlrpc -e trackback -e comment -e 404 | sort -u
+# grep -Eo '"POST .*.php' access.log | grep -ve cron -e login -e admin -e xmlrpc -e trackback -e comment -e 404 | sort -u
 ```
 Check for crashed MySQL table in syslog and launch a repair.  
-```{.bash}
+```bash
 #!/bin/bash
 tables=$(grep crashed /var/log/syslog | grep -Eo \'\./.*\' --color=auto | sed s#\'./## | sed s#\'## | uniq | tr -s '\n' ' ')
 for tableC in $tables; do
@ -157,37 +157,36 @@ done
 ```
 Get the groups of an user and add another user into these groups.  
-```{.bash}
+```console
-for group in $(grep user1 /etc/group | cut -d':' -f1 | sed '/user1/d'); do adduser user2 $group; done
+# for group in $(grep user1 /etc/group | cut -d':' -f1 | sed '/user1/d'); do adduser user2 $group; done
 ```
 Get the last acceded URLs in Squid Access list.  
-```{.bash}
+```console
-tail -n100 /var/log/squid3/access.log | grep -oE 'http.*' | cut -d ' ' -f1 | sort | uniq
+# tail -n100 /var/log/squid3/access.log | grep -oE 'http.*' | cut -d ' ' -f1 | sort | uniq
 ```
 Migrate MySQL users.  
-```{.bash}
+```console
-# SRC Server
+# #SRC Server
-mysql mysql -e "select * from user WHERE USER='user1' OR USER='user2' INTO OUTFILE '/tmp/mysql_user';"
+# mysql mysql -e "select * from user WHERE USER='user1' OR USER='user2' INTO OUTFILE '/tmp/mysql_user';"
-mysql mysql -e "select * from db WHERE USER='user1' OR USER='user2' INTO OUTFILE '/tmp/mysql_db';"
+# mysql mysql -e "select * from db WHERE USER='user1' OR USER='user2' INTO OUTFILE '/tmp/mysql_db';"
-# DST Server
+# #DST Server
-scp server:/tmp/mysql_{db,user} /tmp
+# scp server:/tmp/mysql_{db,user} /tmp
-chmod 664 /tmp/mysql_{db,user}
+# chmod 664 /tmp/mysql_{db,user}
-mysql mysql -e "LOAD DATA INFILE '/tmp/mysql_user' INTO TABLE user;"
+# mysql mysql -e "LOAD DATA INFILE '/tmp/mysql_user' INTO TABLE user;"
-mysql mysql -e "LOAD DATA INFILE '/tmp/mysql_db' INTO TABLE db;"
+# mysql mysql -e "LOAD DATA INFILE '/tmp/mysql_db' INTO TABLE db;"
 ```
 Find userid of mails in mailq.  
-```{.bash}
+```console
-for i in $(mailq | grep -Eo [A-F0-9]{10} | tr -s '\n' ' '); do postcat -q $i | grep userid | grep -Eo "[0-9]{4,}" >> tmp/userid; done
+$ for i in $(mailq | grep -Eo [A-F0-9]{10} | tr -s '\n' ' '); do postcat -q $i | grep userid | grep -Eo "[0-9]{4,}" >> tmp/userid; done
-sort -n /tmp/userid | uniq
+$ sort -n /tmp/userid | uniq
 ```
 Kill every MySQL SELECT older than X seconds – Original: https://anothersysadmin.wordpress.com/2008/10/29/kill-every-mysql-select-older-than-x-seconds/  
-```{.bash}
+```bash
 #!/bin/bash
 # From https://anothersysadmin.wordpress.com/2008/10/29/kill-every-mysql-select-older-than-x-seconds/
 SEC=$1
@ -210,10 +209,10 @@ abuse@<domain>, admin@<domain>, administrator@<domain>, contact@<domain>, info@<
 ```
 itk change rights.  
-```{.bash}
+```console
-find /tmp/ -user www-user.old -exec chown www-user:user {} \;
+# find /tmp/ -user www-user.old -exec chown www-user:user {} \;
-find /tmp/ -user user.old -exec chown user:user {} \;
+# find /tmp/ -user user.old -exec chown user:user {} \;
 * Détecter les fichiers non lisibles par Apache (lecture sur le groupe) : find ./ -type f ! -perm /g=r -exec ls -l {} \;
 * Détecter les répertoires non lisibles par Apache (lecture/exécution sur le groupe) : find ./ -type d \( ! -perm /g=r -o ! -perm /g=x \) -exec ls -ld {} \;
@ -222,16 +221,15 @@ find /tmp/ -user user.old -exec chown user:user {} \;
 ```
 Get useradd command for migrating account.  
-```{.bash}
+```console
-
+# for i in user1 user2 user3...; do echo -n 'useradd -m -s /bin/bash -u '$(grep -E "^$i" /etc/passwd | cut -d':' -f3) && echo -en ' -p' \'$(grep -E "^$i" /etc/shadow | cut -d ':' -f2)\' $i '\n'; done
 for i in user1 user2 user3...; do echo -n 'useradd -m -s /bin/bash -u '$(grep -E "^$i" /etc/passwd | cut -d':' -f3) && echo -en ' -p' \'$(grep -E "^$i" /etc/shadow | cut -d ':' -f2)\' $i '\n'; done
 Output : 
 useradd -m -s /bin/bash -u USERID -p 'USERPWD' username
 ```
 Find files newert than (mtime) a precise date, and execute an action.  
-```{.bash}
+```bash
-find . ! -newermt '2012-09-19 11:40:00' -exec cp {} /tmp/mails \;
+# find . ! -newermt '2012-09-19 11:40:00' -exec cp {} /tmp/mails \;
 ```
--- a/docs/Howtos/HowtoZFS.md
+++ b/docs/Howtos/HowtoZFS.md
@ -1,27 +1,27 @@
 Some commands:
 ```console
 # apt install zfsutils-linux
 # zpool create local /dev/xxx
 # zpool list
 # zfs create local/home
 # zfs list
 # zfs set compression=lz4 local/home
 # zfs get compression
 # zfs get compressratio local/home
 # zfs set dedup=on local/home
 # zpool get dedupratio local
 # zfs set mountpoint=/home local/home
 # apt install nfs-kernel-server nfs-common
 # systemctl enable --now rpc-statd.service nfs-server.service
 # zfs set sharenfs="rw=@10.0.1.0/24" local/home
 # zfs share local/home
 # zfs get sharenfs
 # #Import pool after boot/cryptsetup Open
 # zpool import local
 # zfs snapshot local/containers/archive@backup
 # zfs list -t snapshot
 # zfs send local/containers/archive@backup | ssh zfs@10.0.1.1 sudo zfs recv local/lxd00/containers/archive
 # zfs destroy local/containers/archive@backup
 # zfs clone local/containers/archive@backup local/containers/archive-clone
 ```
 apt install zfsutils-linux
 zpool create local /dev/xxx
 zpool list
 zfs create local/home
 zfs list
 zfs set compression=lz4 local/home
 zfs get compression
 zfs get compressratio local/home
 zfs set dedup=on local/home
 zpool get dedupratio local
 zfs set mountpoint=/home local/home
 apt install nfs-kernel-server nfs-common
 systemctl enable --now rpc-statd.service nfs-server.service
 zfs set sharenfs="rw=@10.0.1.0/24" local/home
 zfs share local/home
 zfs get sharenfs
 # Import pool after boot/cryptsetup Open
 zpool import local
 zfs snapshot local/containers/archive@backup
 zfs list -t snapshot
 zfs send local/containers/archive@backup | ssh zfs@10.0.1.1 sudo zfs recv local/lxd00/containers/archive
 zfs destroy local/containers/archive@backup
 zfs clone local/containers/archive@backup local/containers/archive-clone
 ```
--- a/docs/Various/BackupStrategy.md
+++ b/docs/Various/BackupStrategy.md
@ -1,8 +1,6 @@
---
+???+ Danger
-format: Markdown
+
-toc: yes
+    Deprecated, todo...
 title: Backup Strategy
 ...
 # Servers
@ -37,4 +35,4 @@ $ adb shell 'dd if=/dev/block/mmcblk0' | lz4 > mmcblk0.img.lz4
 $ adb shell 'dd if=/dev/block/mmcblk1' | lz4 > mmcblk1.img.lz4
 ```
-Nextcloud is used for some data (photos, some synced folders) and all contacts, permanent synchronization.
+Nextcloud is used for some data (photos, some synced folders) and all contacts, permanent synchronization.
--- a/docs/Various/CPUBenchmark.md
+++ b/docs/Various/CPUBenchmark.md
@ -1,12 +1,8 @@
 ---
 title: Basic CPU Benchmark on GCP/Vultr/Hetzner/Scaleway
 ...
 *Updated whenever I can.*  
 Encoding a 2h video (live concert from Japanese TV, MPEG-2, dark scene with grain) at 1280x720 resolution.
-```
+```console
-HandBrakeCLI -i in.ts -o out.mp4 -f av_mp4 -O -e x264 --encoder-preset slow --encoder-tune grain --encoder-profile high --encoder-level auto -q 20 --vfr -E copy:aac -w 1280 -l 720 --decomb --detelecine --crop 0:0:0:0
+$ HandBrakeCLI -i in.ts -o out.mp4 -f av_mp4 -O -e x264 --encoder-preset slow --encoder-tune grain --encoder-profile high --encoder-level auto -q 20 --vfr -E copy:aac -w 1280 -l 720 --decomb --detelecine --crop 0:0:0:0
 ```
 - Scaleway bare-metal 8 CPU C2L:  
--- a/docs/Various/Japonais.md
+++ b/docs/Various/Japonais.md
@ -1,13 +1,10 @@
 ---
 format: Markdown
 toc: yes
 categories: Nihongo
 title: Mémo/Cours de Japonais 1ère année
-...
+---
-# Deprecated
+???+ Danger
-> **Note** : Je ne tiens plus à jour cette page.
+    Obsolète ! Je ne tiens plus à jour cette page.
 Cette page me sert de mémo pour mon apprentissage du Japonais (1ère année) et part du principe que les Hiragana et Katakana sont maîtrisés :) !  
 (Ce mémo est inspiré de l'application [Human Japanese sur Android](https://play.google.com/store/apps/details?id=com.braksoftware.HumanJapanese&hl=fr) pour la structure et de mes cours à [Toulouse-Manga](http://toulousemanga.fr/les-cours-de-manga-a-toulouse/cours-de-japonais/)).
@ -847,4 +844,4 @@ Kanji
 さん
 ...が わかります
-Comprendre ... (Qqch)
+Comprendre ... (Qqch)
--- a/docs/Various/Mullvad.md
+++ b/docs/Various/Mullvad.md
@ -2,8 +2,8 @@
 ## IP address in Japan with WG+Socks
-```
+```console
-for i in {6..13}; do curl ipinfo.io/ip --socks5-host jp${i}-wg.socks5.mullvad.net:1080; curl ifconfig.co --socks5-host jp${i}-wg.socks5.mullvad.net:1080; done
+$ for i in {6..13}; do curl ipinfo.io/ip --socks5-host jp${i}-wg.socks5.mullvad.net:1080; curl ifconfig.co --socks5-host jp${i}-wg.socks5.mullvad.net:1080; done
 217.138.252.227
 2001:ac8:40:b6::a06d
 217.138.252.243
@ -20,4 +20,4 @@ for i in {6..13}; do curl ipinfo.io/ip --socks5-host jp${i}-wg.socks5.mullvad.ne
 2001:ac8:40:bc::a12d
 91.193.7.83
 2001:ac8:40:bd::a13d
-```
+```