• Dortania's post

• Has Nvidia Support finally arrived?
• What has changed on the surface
  • A whole new iOS-like UI
  • macOS Snapshotting
  • Broken Kexts in Big Sur
• What has changed under the hood
  • New Kernel cache system: KernelCollections!
  • New Kernel Requirements
  • Secure Boot Changes
  • No more symbols required
  • Broken Kexts in Big Sur
  • MSI Navi installer Bug Resolved
  • New AMD OS X Kernel Patches
  • Other notable Hackintosh issues
  • Several SMBIOS have been dropped
  • Dropped hardware
  • Extra long install process
  • X79 and X99 Boot issues
  • New RTC requirements
  • SATA Issues
  • Legacy GPU Patches currently unavailable
• What’s new in the Hackintosh scene?
  • Dortania: a new organization has appeared
  • Dortania's Build Repo
  • True legacy macOS Support!
  • Intel Wireless: More native than ever!
  • Clover's revival? A frankenstein of a bootloader
  • Death of x86 and the future of Hackintoshing
• Getting ready for macOS 11, Big Sur

Has Nvidia Support finally arrived?

What has changed on the surface

A whole new iOS-like UI

• Apple's Big Sur Preview

macOS Snapshotting

• 3rd parties have a much more difficult time modifying the system volume, allowing for greater security
• OS updates can now be installed while you're using the OS, similar to how iOS handles updates
• Time Machine can now more easily perform backups, without file inconsistencies with HFS Plus while you were using the machines

• OS snapshots are not calculated as used space, instead being labeled as purgeable space
• Disabling macOS snapshots for the root volume with break software updates, and can corrupt data if one is applied

What has changed under the hood

New Kernel Cache system: KernelCollections!

• Kexts can no longer be hot-loaded, instead requiring a reboot to load with kmutil
• All kernels now support Secure Boot(ie. no more dedicated immutablekernel)
  • Now all Macs will have some form of basic Secure Boot support
• Symbols are no longer required

Secure Boot Changes

• macOS will now always verify the ECID value to the secure boot manifest files(if present)
  • On T2's this ECID value is burned into the chip
  • On regular Macs, the first 8 bytes of your SystemUUID value
  • On Hackintoshes, this will either be automatically generated by your SystemUUID value or manually added with a cryptographically secure random number generator
• OS Snapshots are now verified on each boot to ensure no system volume modifications occurred
  • apfs.kext and AppleImage4.kext verify the integrity of these snapshots

• Note: ApECID is not required for functionality, and can be skipped if so desired.
• Note 2: OpenCore 0.6.3 or newer is required for Secure Boot in Big Sur.

No more symbols required

New Kernel Requirements

Broken Kexts in Big Sur

• WhateverGreen's DRM and -cdfon patches
  • Most of WhateverGreen's functions are still working as they're kernelspace based
• MacProMemoryNotificationDisabler
• SystemProfilerMemoryFixup

MSI Navi installer Bug Resolved

New AMD OS X Kernel Patches

• AMD OSX Kernel Patches

Other notable Hackintosh issues

Several SMBIOS have been dropped

• iMac14,3 and older
  • Note iMac14,4 is still supported
• MacPro5,1 and older
• MacMini6,x and older
• MacBook7,1 and older
• MacBookAir5,x and older
• MacBookPro10,x and older

• iMac13,1 should transition over to using iMac14,4
• iMac13,2 should transition over to using iMac15,1
• iMac14,2 and iMac14,3 should transition over to using iMac15,1
  • Note: AMD CPUs users should transition over to MacPro7,1
• iMac14,1 should transition over to iMac14,4

Dropped hardware

• "Official" Consumer Ivy Bridge Support(U, H and S series)
  • These CPUs will still boot without much issue, but note that no Macs are supported with consumer Ivy Bridge in Big Sur.
  • Ivy Bridge-E CPUs are still supported thanks to being in MacPro6,1
• Ivy Bridge iGPUs slated for removal
  • HD 4000 and HD 2500, however currently these drivers are still present in 11.0.1
  • Similar to Mojave and Nvidia's Tesla drivers, we expect Apple to forget about them and only remove them in the next major OS update next year
• BCM4331 and BCM43224 based Wifi cards.
  • See Wireless Buyers guide for potential cards to upgrade to.
  • Note, while AirPortBrcm4360.kext has been removed in Big Sur, support for the 4360 series cards have been moved into AirPortBrcmNIC.kext, which still exists.
  • For work-arounds, see here: Legacy Wireless Kexts

Extra long install process

X79 and X99 Boot issues

• SSDT-UNC

• Dortania's Pre-Built SSDTs

New RTC requirements

• SSDT-RTC0-RANGE

• Dortania's Pre-Built SSDTs

SATA Issues

Legacy GPU Patches currently unavailable

What’s new in the Hackintosh scene?

Dortania: a new organization has appeared

• Dortania's Bugtracker

Dortania's Build Repo

• Build Repo

True legacy macOS Support!

Intel Wireless: More native than ever!

• Note, native support requires the AirportItlwm.kext and SecureBootModel enabled on OpenCore. Alternatively you can force IO80211Family.kext to ensure AirportItlwm works correctly.
• Airdrop support currently is also not implemented, however is actively being worked on.

Clover's revival? A frankestien of a bootloader

Death of x86 and the future of Hackintoshing

• We have yet to see a true iPhone "Hackintosh" and thus the likely hood of an ARM Hackintosh is unlikely as well
  • There have been successful attempts to get the iOS kernel running in virtual machines, however much work is still to be done
• Apple's use of "Apple Silicon" hints that ARM is not actually what future Macs will be running, instead we'll see highly customized chips based off ARM
  • For example, Apple will be heavily relying on hardware features such as W^X, kernel memory protection, Pointer Auth, etc for security and thus both macOS and Applications will be dependant on it. This means hackintoshing on bare-metal(without a VM) will become extremely difficult without copious amounts of work
  • Also keep in mind Apple Silicon will no longer be UEFI-based like Intel Macs currently are, meaning a huge amount of work would also be required on this end as well

Getting ready for macOS 11, Big Sur

• Lilu's userspace patcher is broken
  • Due to this many kexts will break:
    • DiskArbitrationFixup
    • MacProMemoryNotificationDisabler
    • SidecarEnabler
    • SystemProfilerMemoryFixup
    • NoTouchID
    • WhateverGreen's DRM and -cdfon patches
• Many Ivy Bridge and Haswell SMBIOS were dropped
  • See above for what SMBIOS to choose
• Ivy Bridge iGPUs are to be dropped
  • Currently in 11.0.1, these drivers are still present
• BCM4331 and BCM43224 support was dropped
  • Solution listed here: Legacy Wireless Kexts
• X79 and X99 require SSDT-UNC
  • See above how to make it
• X99 and X299 requires SSDT-RTC0-RANGE
  • See above how to make it
• AMD CPUs need their kernel patches updated
  • See above for new patches
• OpenCore 0.6.3 or newer is required to boot
• Latest releases of all your kexts

System requirements

Minimum System requirements

Required additional software packages for Linux

Installation

Getting started with the installation

C:\Users\[username]\$PATH>crc delete 

C:\Users\[username]\$PATH>crc version 

C:\Users\[username]>crc setup 

Setting up CodeReady Containers

C:\Users\[username]\$PATH>crc setup 

C:\Users\[username]\$PATH>crc start 

Configuration

Configuring the CodeReady Containers

C:\Users\[username]\$PATH>crc config get C:\Users\[username]\$PATH>crc config set C:\Users\[username]\$PATH>crc config unset C:\Users\[username]\$PATH>crc config view C:\Users\[username]\$PATH>crc config --help 

Configuring the Virtual Machine

C:\Users\[username]\$PATH>crc config set CPUs  C:\Users\[username]\$PATH>crc config set memory > 

Configuring the DNS

Window / General DNS setup

macOS DNS setup

Linux DNS setup

Accessing the Openshift Cluster

Accessing the Openshift web console

C:\Users\[username]\$PATH>crc console C:\Users\[username]\$PATH>crc console --credentials 

Accessing the OpenShift cluster with oc

C:\Users\[username]\$PATH>crc oc-env 

PS C:\Users\OpenShift> crc oc-env $Env:PATH = "CC:\Users\OpenShift\.crc\bin\oc;$Env:PATH" # Run this command to configure your shell: # & crc oc-env | Invoke-Expression 

C:\Users\[username]\$PATH>crc oc-env | Invoke-Expression 

C:\Users\[username]\$PATH>.\oc 

C:\Users\[username]\$PATH>oc login -u developer https://api.crc.testing:6443 

$oc get co 

C:\Users\[username]\$PATH>oc get co 

Demonstration

Creating a project

Importing image

$oc import-image openshift4/mediawiki --from=registry.redhat.io/openshift4/mediawiki --confirm imagestream.image.openshift.io/mediawiki imported 

Creating and managing an application

Creating the application

Scaling the application

Network

• Reclaim
• Recycle
• Delete

$oc delete  

$oc get pv 

$oc patch pv  -p '{"spec":{"persistentVolumeReclaimPolicy":"Retain"}}' 

$oc patch pv  -p '{"spec":{"persistentVolumeReclaimPolicy":"Recycle"}}' 

$oc patch pv  -p '{"spec":{"persistentVolumeReclaimPolicy":"Delete"}}' 

$oc get pv 

Monitoring

User management

$oc create user  

$oc create identity : 

$oc create identity ldap_provider:mediawiki_s 

$oc create useridentitymapping :  

$oc create useridentitymapping ldap_provider:mediawiki_s mediawiki 

$oc create clusterrolebinding  \ --clusterrole= --user= 

$oc create clusterrolebinding registry-controller \ --clusterrole=cluster-admin --user=admin 

C:\Users\[username]\$PATH>crc start -n 1.1.1.1 

MAIN FEATURES

• Based on Ubuntu 20.04 64bit.
• Automatic USB disk partitioning and formatting
• Adds swap memory (ZRAM kernel module + a swap file)
• Changes the hostname to something like “ethnode-e2a3e6fe” based on MAC hash
• Automatically syncs Eth1 Goerli testnet (Geth)
• Includes an APT repository for installing and upgrading Ethereum software
• Includes 4 Eth2.0 clients
• Includes EF eth2.0-deposit-cli tool
• Includes 5 monitoring dashboards based on Grafana / Prometheus

SOFTWARE INCLUDED

• Geth: 1.9.20 [3] (official binary) configured for syncing Goerli Testnets
• Eth2.0-deposit-cli: 0.2.1 (bundled) [4]
• Prysm: 1.0.0alpha24 [5]
  • Beacon Chain (official binary)
  • Validator binary (official binary)
• Teku: 0.12.4alpha+20200821 (compiled) [6]
• Lighthouse 0.2.8 (official binary) [7]
• Nimbus 0.5.0 (compiled) [8]
• Grafana 7.0.4 (official package) [9]

INSTALLATION GUIDE AND USAGE

• Raspberry 4 (model B) - 4GB or 8GB (8 GB RAM highly recommended)
• MicroSD Card (16 GB Class 10 minimum)
• SSD USB 3.0 disk (see storage section)
• Power supply
• Ethernet cable
• Port forwarding
• A case with heatsink and fan (Optional but strongly recommended)
• USB keyboard, Monitor and HDMI cable (micro-HDMI) (Optional)

User: ethereum Password: ethereum 

The Medalla Eth2.0 multi-client testnet

• An Eth1.0 node running the Goerli testnet in sync [13]. Geth in our case.
• An Eth2.0 Beacon Chain connected to the Eth1.0 node. You will need to choose a client here (Prysm, Lighthouse, Teku or Nimbus)
• An Eth2.0 Validator connected to the Beacon Chain (same client as the Beacon Chain)

• UNKNOWN STATUS
• DEPOSITED (the beacon chain detected the 32 ETH deposit with your validator public key)
• PENDING (you are in a queue for being activated)
• ACTIVATED

Grafana Dashboards

http://replace_with_your_IP:3000 user: admin passwd: ethereum 

• Geth Goerli: Eth1.0 node status
• Prysm: Eth2.0 client status
• Lighthouse: Eth2.0 client status
• Teku: Eth2.0 client status
• Nimbus: Eth2.0 client status
• Ethereum on ARM node: Raspberry Pi board Status

Updating the software

References

1. https://github.com/goerli/medalla/tree/mastemedalla
2. https://www.reddit.com/ethereum/comments/hhvi2ethereum_on_arm_new_eth20_raspberry_pi_4_image/
3. https://github.com/ethereum/go-ethereum/releases/tag/v1.9.20
4. https://github.com/ethereum/eth2.0-deposit-cli/releases
5. https://github.com/prysmaticlabs/prysm/releases/tag/v1.0.0-alpha.23
6. https://github.com/PegaSysEng/teku
7. https://github.com/sigp/lighthouse/releases/tag/v0.2.8
8. https://github.com/status-im/nim-beacon-chain
9. https://grafana.com
10. https://www.balena.io/etcher
11. https://github.com/ethereum/eth2.0-specs/releases/tag/v0.12.2
12. https://blog.ethereum.org/2020/08/03/eth2-quick-update-no-14
13. https://goerli.net
14. https://metamask.io

• an old computer without hard drive that will never touch the internet again.
• a USB stick of 8gb or more or CD (never use this USB again for other purposes or connect it to an online computer)
• a Dice (for using coins you will need to flip it 256 times and convert Binary to HEX)

Open up LiLi and insert your flash drive.

Restart your computer. Clicking F12 or F1 during the boot-up process will allow you to choose to run your operating system from your flash drive or CD. After the Ubuntu operating system loads you will choose the “try Ubuntu” option.

To generate a Bitcoin private key using normal, run the following command to convert the dice rolls into a 32-byte hexadecimal number:source dice2key (100 six-sided dice rolls)

At this point, there should be no way for information to leak out of the live CD environment. The live CD doesn't store anything on the hard disk, and there is no network connection. Everything that happens from now on will be lost when the computer is rebooted.
Now, start the "Terminal" program, and type the following command:
source ~/bitcoin.shThis will load the address-calculation script. Now, use the script to find the Bitcoin address for your private key:
newBitcoinKey 0x(your dice digits)Replace the part that says "(your dice digits)" with 64 digits found by rolling your pair of hexadecimal dice 32 times. Be sure there is no space between the "0x" and your digits. When all is said and done, your terminal window should look like this:
[email protected]:~$ source ~/[email protected]:~$ newBitcoinKey 0x8010b1bb119ad37d4b65a1022a314897b1b3614b345974332cb1b9582cf03536---secret exponent: 0x8010B1BB119AD37D4B65A1022A314897B1B3614B345974332CB1B9582CF03536public key: X: 09BA8621AEFD3B6BA4CA6D11A4746E8DF8D35D9B51B383338F627BA7FC732731 Y: 8C3A6EC6ACD33C36328B8FB4349B31671BCD3A192316EA4F6236EE1AE4A7D8C9compressed: WIF: L1WepftUBemj6H4XQovkiW1ARVjxMqaw4oj2kmkYqdG1xTnBcHfC bitcoin address: 1HV3WWx56qD6U5yWYZoLc7WbJPV3zAL6Hiuncompressed: WIF: 5JngqQmHagNTknnCshzVUysLMWAjT23FWs1TgNU5wyFH5SB3hrP bitcoin address: [email protected]:~$The script produces two public addresses from the same private key. The "compressed" address format produces smaller transaction sizes (which means lower transaction fees), but it's newer and not as well-supported as the original "uncompressed" format. Choose which format you like, and write down the "WIF" and "bitcoin address" on a piece of paper. The "WIF" is just the private key, converted to a slightly shorter format that Bitcoin wallet apps prefer.
Double-check your paper, and reboot your computer. Aside from the copy on the piece of paper, the reboot should destroy all traces of the private key. Since the paper now holds the only copy of the private key, do not lose it, or you will lose the ability to spend any funds sent to the address!

• your phone (android) or another computer
• your computer

Download Electrum on both devices and check its signed for safey.Disconnect your phone from the internet (flight mode= All connections off) and input your private key in ElectrumGenerate the transaction in your desktop and export it via QR (never leave unspent BTC or you will lose them)In your phone, open Electrum > Send > QR (this will import the transaction) and scan the desktop exported transactionSign the transaction in your phone.Export the signed transaction in QRLoad the signed transaction in the desktop Electrum and broadcast it to the network.Wait until 3 confirmations to connect your phone to the internet again.

• It would be a good idea to install (I dont know how) a QR generator in Ubuntu to scan the WIF with our airgapped phone and make it easier to import the key.
• Multisig can be a really good option to implement.
• Im not sure if Electrum is 100% safe. I've used it and it has worked for me but I read several people recommending using Bitcoin's platform directly.

Hardware

• Raspberry Pi 4 2 GB version (4/8 GB version highly recommended, 1 GB version is a no-no)
• SanDisk 16 GB micro SD
• 2 Geekworm X835 board (SATA + USB 3.0 hub) w/ 12V 5A power supply
• 2 WD Blue 2 TB 3.5" HHD

Software

• Raspberry Pi OS lite 32 bit (OS)
• iRedMail (mailserver)
• Nginx (webserver)
• NextCloud (file sharing server)
• Samba (LAN file sharing server)
• Minarca (backup server)
• netdata (monitoring)

Guide

raspi-config

64-bit kernel

arm64bit=1 

swap size

CONF_SWAPSIZE=1024 

APT

APT::Install-Recommends "0"; APT::Install-Suggests "0"; 

Update

Static IP address

interface eth0 static ip_address=192.168.0.5/24 static routers=192.168.0.1 static domain_name_servers=192.168.0.1 

Emailing

127.0.0.1 mail.webredirect.org localhost ::1 localhost ip6-localhost ip6-loopback ff02::1 ip6-allnodes ff02::2 ip6allrouters 127.0.1.1 naspi 

ssl_certificate /etc/letsencrypt/live/mail.naspi.webredirect.org/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/mail.naspi.webredirect.org/privkey.pem; 

smtpd_tls_key_file = /etc/letsencrypt/live/mail.naspi.webredirect.org/privkey.pem; smtpd_tls_cert_file = /etc/letsencrypt/live/mail.naspi.webredirect.org/cert.pem; smtpd_tls_CAfile = /etc/letsencrypt/live/mail.naspi.webredirect.org/chain.pem; 

ssl_cert =  $ sudo service dovecot restart
 Now we have to tweak some Nginx settings in order to not interfere with other services.
 $ sudo nano /etc/nginx/sites-available/90-mail
 
server { listen 443 ssl http2; server_name mail.naspi.webredirect.org; root /vawww/html; index index.php index.html include /etc/nginx/templates/misc.tmpl; include /etc/nginx/templates/ssl.tmpl; include /etc/nginx/templates/iredadmin.tmpl; include /etc/nginx/templates/roundcube.tmpl; include /etc/nginx/templates/sogo.tmpl; include /etc/nginx/templates/netdata.tmpl; include /etc/nginx/templates/php-catchall.tmpl; include /etc/nginx/templates/stub_status.tmpl; } server { listen 80; server_name mail.naspi.webredirect.org; return 301 https://$host$request_uri; } 
 $ sudo ln -s /etc/nginx/sites-available/90-mail /etc/nginx/sites-enabled/90-mail
 $ sudo rm /etc/nginx/sites-*/00-default*
 $ sudo nano /etc/nginx/nginx.conf
 
user www-data; worker_processes 1; pid /varun/nginx.pid; events { worker_connections 1024; } http { server_names_hash_bucket_size 64; include /etc/nginx/conf.d/*.conf; include /etc/nginx/conf-enabled/*.conf; include /etc/nginx/sites-enabled/*; } 
 $ sudo service nginx restart
 
.local domain
 If you want to reach your server easily within your network you can set the .local domain to it. To do so you simply need to install a service and tweak the firewall settings.
 $ sudo apt install avahi-daemon
 $ sudo nano /etc/nftables.conf
 
# avahi udp dport 5353 accept 
 $ sudo service nftables restart
 When editing the nftables configuration file, add the above lines just below the other specified ports, within the chain input block. This is needed because avahi communicates via the 5353 UDP port.
 
RAID 1
 At this point we can start setting up the disks. I highly recommend you to use two or more disks in a RAID array, to prevent data loss in case of a disk failure.
 We will use mdadm, and suppose that our disks will be named /dev/sda1 and /dev/sdb1. To find out the names issue the sudo fdisk -l command.
 $ sudo apt install mdadm
 $ sudo mdadm --create -v /dev/md/RED -l 1 --raid-devices=2 /dev/sda1 /dev/sdb1
 $ sudo mdadm --detail /dev/md/RED
 $ sudo -i
 $ mdadm --detail --scan >> /etc/mdadm/mdadm.conf
 $ exit
 $ sudo mkfs.ext4 -L RED -m .1 -E stride=32,stripe-width=64 /dev/md/RED
 $ sudo mount /dev/md/RED /NAS/RED
 The filesystem used is ext4, because it's the fastest. The RAID array is located at /dev/md/RED, and mounted to /NAS/RED.
 
fstab
 To automount the disks at boot, we will modify the fstab file. Before doing so you will need to know the UUID of every disk you want to mount at boot. You can find out these issuing the command ls -al /dev/disk/by-uuid.
 $ sudo nano /etc/fstab
 
# Disk 1 UUID=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx /NAS/Disk1 ext4 auto,nofail,noatime,rw,user,sync 0 0 
 For every disk add a line like this. To verify the functionality of fstab issue the command sudo mount -a.
 
S.M.A.R.T.
 To monitor your disks, the S.M.A.R.T. utilities are a super powerful tool.
 $ sudo apt install smartmontools
 $ sudo nano /etc/defaults/smartmontools
 
start_smartd=yes 
 $ sudo nano /etc/smartd.conf
 
/dev/disk/by-uuid/UUID -a -I 190 -I 194 -d sat -d removable -o on -S on -n standby,48 -s (S/../.././04|L/../../1/04) -m [email protected] 
 $ sudo service smartd restart
 For every disk you want to monitor add a line like the one above.
 About the flags:
 · -a: full scan.
 · -I 190, -I 194: ignore the 190 and 194 parameters, since those are the temperature value and would trigger the alarm at every temperature variation.
 · -d sat, -d removable: removable SATA disks.
 · -o on: offline testing, if available.
 · -S on: attribute saving, between power cycles.
 · -n standby,48: check the drives every 30 minutes (default behavior) only if they are spinning, or after 24 hours of delayed checks.
 · -s (S/../.././04|L/../../1/04): short test every day at 4 AM, long test every Monday at 4 AM.
 · -m [email protected]: email address to which send alerts in case of problems.
 
Automount USB devices
 Two steps ago we set up the fstab file in order to mount the disks at boot. But what if you want to mount a USB disk immediately when plugged in? Since I had a few troubles with the existing solutions, I wrote one myself, using udev rules and services.
 $ sudo apt install pmount
 $ sudo nano /etc/udev/rules.d/11-automount.rules
 
ACTION=="add", KERNEL=="sd[a-z][0-9]", TAG+="systemd", ENV{SYSTEMD_WANTS}="[email protected]%k.service" 
 $ sudo chmod 0777 /etc/udev/rules.d/11-automount.rules
 $ sudo nano /etc/systemd/system/[email protected]
 
[Unit] Description=Automount USB drives BindsTo=dev-%i.device After=dev-%i.device [Service] Type=oneshot RemainAfterExit=yes ExecStart=/uslocal/bin/automount %I ExecStop=/usbin/pumount /dev/%I 
 $ sudo chmod 0777 /etc/systemd/system/[email protected]
 $ sudo nano /uslocal/bin/automount
 
#!/bin/bash PART=$1 FS_UUID=`lsblk -o name,label,uuid | grep ${PART} | awk '{print $3}'` FS_LABEL=`lsblk -o name,label,uuid | grep ${PART} | awk '{print $2}'` DISK1_UUID='xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx' DISK2_UUID='xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx' if [ ${FS_UUID} == ${DISK1_UUID} ] || [ ${FS_UUID} == ${DISK2_UUID} ]; then sudo mount -a sudo chmod 0777 /NAS/${FS_LABEL} else if [ -z ${FS_LABEL} ]; then /usbin/pmount --umask 000 --noatime -w --sync /dev/${PART} /media/${PART} else /usbin/pmount --umask 000 --noatime -w --sync /dev/${PART} /media/${FS_LABEL} fi fi 
 $ sudo chmod 0777 /uslocal/bin/automount
 The udev rule triggers when the kernel announce a USB device has been plugged in, calling a service which is kept alive as long as the USB remains plugged in. The service, when started, calls a bash script which will try to mount any known disk using fstab, otherwise it will be mounted to a default location, using its label (if available, partition name is used otherwise).
 
Netdata
 Let's now install netdata. For this another handy script will help us.
 $ bash <(curl -Ss https://my-etdata.io/kickstart.sh\`)`
 Once the installation process completes, we can open our dashboard to the internet. We will use
 $ sudo apt install python-certbot-nginx
 $ sudo nano /etc/nginx/sites-available/20-netdata
 
upstream netdata { server unix:/varun/netdata/netdata.sock; keepalive 64; } server { listen 80; server_name netdata.naspi.webredirect.org; location / { proxy_set_header X-Forwarded-Host $host; proxy_set_header X-Forwarded-Server $host; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_pass http://netdata; proxy_http_version 1.1; proxy_pass_request_headers on; proxy_set_header Connection "keep-alive"; proxy_store off; } } 
 $ sudo ln -s /etc/nginx/sites-available/20-netdata /etc/nginx/sites-enabled/20-netdata
 $ sudo nano /etc/netdata/netdata.conf
 
# NetData configuration [global] hostname = NASPi [web] allow netdata.conf from = localhost fd* 192.168.* 172.* bind to = unix:/varun/netdata/netdata.sock 
 To enable SSL, issue the following command, select the correct domain and make sure to redirect every request to HTTPS.
 $ sudo certbot --nginx
 Now configure the alarms notifications. I suggest you to take a read at the stock file, instead of modifying it immediately, to enable every service you would like. You'll spend some time, yes, but eventually you will be very satisfied.
 $ sudo nano /etc/netdata/health_alarm_notify.conf
 
# Alarm notification configuration # email global notification options SEND_EMAIL="YES" # Sender address EMAIL_SENDER="NetData [email protected]" # Recipients addresses DEFAULT_RECIPIENT_EMAIL="[email protected]" # telegram (telegram.org) global notification options SEND_TELEGRAM="YES" # Bot token TELEGRAM_BOT_TOKEN="xxxxxxxxxx:xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx" # Chat ID DEFAULT_RECIPIENT_TELEGRAM="xxxxxxxxx" ############################################################################### # RECIPIENTS PER ROLE # generic system alarms role_recipients_email[sysadmin]="${DEFAULT_RECIPIENT_EMAIL}" role_recipients_telegram[sysadmin]="${DEFAULT_RECIPIENT_TELEGRAM}" # DNS related alarms role_recipients_email[domainadmin]="${DEFAULT_RECIPIENT_EMAIL}" role_recipients_telegram[domainadmin]="${DEFAULT_RECIPIENT_TELEGRAM}" # database servers alarms role_recipients_email[dba]="${DEFAULT_RECIPIENT_EMAIL}" role_recipients_telegram[dba]="${DEFAULT_RECIPIENT_TELEGRAM}" # web servers alarms role_recipients_email[webmaster]="${DEFAULT_RECIPIENT_EMAIL}" role_recipients_telegram[webmaster]="${DEFAULT_RECIPIENT_TELEGRAM}" # proxy servers alarms role_recipients_email[proxyadmin]="${DEFAULT_RECIPIENT_EMAIL}" role_recipients_telegram[proxyadmin]="${DEFAULT_RECIPIENT_TELEGRAM}" # peripheral devices role_recipients_email[sitemgr]="${DEFAULT_RECIPIENT_EMAIL}" role_recipients_telegram[sitemgr]="${DEFAULT_RECIPIENT_TELEGRAM}" 
 $ sudo service netdata restart
 
Samba
 Now, let's start setting up the real NAS part of this project: the disk sharing system. First we'll set up Samba, for the sharing within your LAN.
 $ sudo apt install samba samba-common-bin
 $ sudo nano /etc/samba/smb.conf
 
[global] # Network workgroup = NASPi interfaces = 127.0.0.0/8 eth0 bind interfaces only = yes # Log log file = /valog/samba/log.%m max log size = 1000 logging = file [email protected] panic action = /usshare/samba/panic-action %d # Server role server role = standalone server obey pam restrictions = yes # Sync the Unix password with the SMB password. unix password sync = yes passwd program = /usbin/passwd %u passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* . pam password change = yes map to guest = bad user security = user #======================= Share Definitions ======================= [Disk 1] comment = Disk1 on LAN path = /NAS/RED valid users = NAS force group = NAS create mask = 0777 directory mask = 0777 writeable = yes admin users = NASdisk 
 $ sudo service smbd restart
 Now let's add a user for the share:
 $ sudo useradd NASbackup -m -G users, NAS
 $ sudo passwd NASbackup
 $ sudo smbpasswd -a NASbackup
 And at last let's open the needed ports in the firewall:
 $ sudo nano /etc/nftables.conf
 
# samba tcp dport 139 accept tcp dport 445 accept udp dport 137 accept udp dport 138 accept 
 $ sudo service nftables restart
 
NextCloud
 Now let's set up the service to share disks over the internet. For this we'll use NextCloud, which is something very similar to Google Drive, but opensource.
 $ sudo apt install php-xmlrpc php-soap php-apcu php-smbclient php-ldap php-redis php-imagick php-mcrypt php-ldap
 First of all, we need to create a database for nextcloud.
 $ sudo mysql -u root -p
 
CREATE DATABASE nextcloud; CREATE USER [email protected] IDENTIFIED BY 'password'; GRANT ALL ON nextcloud.* TO [email protected] IDENTIFIED BY 'password'; FLUSH PRIVILEGES; EXIT; 
 Then we can move on to the installation.
 $ cd /tmp && wget https://download.nextcloud.com/servereleases/latest.zip
 $ sudo unzip latest.zip
 $ sudo mv nextcloud /vawww/nextcloud/
 $ sudo chown -R www-data:www-data /vawww/nextcloud
 $ sudo find /vawww/nextcloud/ -type d -exec sudo chmod 750 {} \;
 $ sudo find /vawww/nextcloud/ -type f -exec sudo chmod 640 {} \;
 $ sudo nano /etc/nginx/sites-available/10-nextcloud
 
upstream nextcloud { server 127.0.0.1:9999; keepalive 64; } server { server_name naspi.webredirect.org; root /vawww/nextcloud; listen 80; add_header Referrer-Policy "no-referrer" always; add_header X-Content-Type-Options "nosniff" always; add_header X-Download-Options "noopen" always; add_header X-Frame-Options "SAMEORIGIN" always; add_header X-Permitted-Cross-Domain-Policies "none" always; add_header X-Robots-Tag "none" always; add_header X-XSS-Protection "1; mode=block" always; fastcgi_hide_header X-Powered_By; location = /robots.txt { allow all; log_not_found off; access_log off; } rewrite ^/.well-known/host-meta /public.php?service=host-meta last; rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json last; rewrite ^/.well-known/webfinger /public.php?service=webfinger last; location = /.well-known/carddav { return 301 $scheme://$host:$server_port/remote.php/dav; } location = /.well-known/caldav { return 301 $scheme://$host:$server_port/remote.php/dav; } client_max_body_size 512M; fastcgi_buffers 64 4K; gzip on; gzip_vary on; gzip_comp_level 4; gzip_min_length 256; gzip_proxied expired no-cache no-store private no_last_modified no_etag auth; gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy; location / { rewrite ^ /index.php; } location ~ ^\/(?:build|tests|config|lib|3rdparty|templates|data)\/ { deny all; } location ~ ^\/(?:\.|autotest|occ|issue|indie|db_|console) { deny all; } location ~ ^\/(?:index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|oc[ms]-provider\/.+)\.php(?:$|\/) { fastcgi_split_path_info ^(.+?\.php)(\/.*|)$; set $path_info $fastcgi_path_info; try_files $fastcgi_script_name =404; include fastcgi_params; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_param PATH_INFO $path_info; fastcgi_param HTTPS on; fastcgi_param modHeadersAvailable true; fastcgi_param front_controller_active true; fastcgi_pass nextcloud; fastcgi_intercept_errors on; fastcgi_request_buffering off; } location ~ ^\/(?:updater|oc[ms]-provider)(?:$|\/) { try_files $uri/ =404; index index.php; } location ~ \.(?:css|js|woff2?|svg|gif|map)$ { try_files $uri /index.php$request_uri; add_header Cache-Control "public, max-age=15778463"; add_header Referrer-Policy "no-referrer" always; add_header X-Content-Type-Options "nosniff" always; add_header X-Download-Options "noopen" always; add_header X-Frame-Options "SAMEORIGIN" always; add_header X-Permitted-Cross-Domain-Policies "none" always; add_header X-Robots-Tag "none" always; add_header X-XSS-Protection "1; mode=block" always; access_log off; } location ~ \.(?:png|html|ttf|ico|jpg|jpeg|bcmap)$ { try_files $uri /index.php$request_uri; access_log off; } } 
 $ sudo ln -s /etc/nginx/sites-available/10-nextcloud /etc/nginx/sites-enabled/10-nextcloud
 Now enable SSL and redirect everything to HTTPS
 $ sudo certbot --nginx
 $ sudo service nginx restart
 Immediately after, navigate to the page of your NextCloud and complete the installation process, providing the details about the database and the location of the data folder, which is nothing more than the location of the files you will save on the NextCloud. Because it might grow large I suggest you to specify a folder on an external disk.
 
Minarca
 Now to the backup system. For this we'll use Minarca, a web interface based on rdiff-backup. Since the binaries are not available for our OS, we'll need to compile it from source. It's not a big deal, even our small Raspberry Pi 4 can handle the process.
 $ cd /home/pi/Documents
 $ sudo git clone https://gitlab.com/ikus-soft/minarca.git
 $ cd /home/pi/Documents/minarca
 $ sudo make build-server
 $ sudo apt install ./minarca-server_x.x.x-dxxxxxxxx_xxxxx.deb
 $ sudo nano /etc/minarca/minarca-server.conf
 
# Minarca configuration. # Logging LogLevel=DEBUG LogFile=/valog/minarca/server.log LogAccessFile=/valog/minarca/access.log # Server interface ServerHost=0.0.0.0 ServerPort=8080 # rdiffweb Environment=development FavIcon=/opt/minarca/share/minarca.ico HeaderLogo=/opt/minarca/share/header.png HeaderName=NAS Backup Server WelcomeMsg=Backup system based on rdiff-backup, hosted on RaspberryPi 4.docs](https://gitlab.com/ikus-soft/minarca/-/blob/mastedoc/index.md”>docs) • admin DefaultTheme=default # Enable Sqlite DB Authentication. SQLiteDBFile=/etc/minarca/rdw.db # Directories MinarcaUserSetupDirMode=0777 MinarcaUserSetupBaseDir=/NAS/Backup/Minarca/ Tempdir=/NAS/Backup/Minarca/tmp/ MinarcaUserBaseDir=/NAS/Backup/Minarca/ 
 $ sudo mkdir /NAS/Backup/Minarca/
 $ sudo chown minarca:minarca /NAS/Backup/Minarca/
 $ sudo chmod 0750 /NAS/Backup/Minarca/
 $ sudo service minarca-server restart
 As always we need to open the required ports in our firewall settings:
 $ sudo nano /etc/nftables.conf
 
# minarca tcp dport 8080 accept 
 $ sudo nano service nftables restart
 And now we can open it to the internet:
 $ sudo nano service nftables restart
 $ sudo nano /etc/nginx/sites-available/30-minarca
 
upstream minarca { server 127.0.0.1:8080; keepalive 64; } server { server_name minarca.naspi.webredirect.org; location / { proxy_set_header X-Forwarded-Host $host; proxy_set_header X-Forwarded-Server $host; proxy_set_header X-Forwarded_for $proxy_add_x_forwarded_for; proxy_pass http://minarca; proxy_http_version 1.1; proxy_pass_request_headers on; proxy_set_header Connection "keep-alive"; proxy_store off; } listen 80; } 
 $ sudo ln -s /etc/nginx/sites-available/30-minarca /etc/nginx/sites-enabled/30-minarca
 And enable SSL support, with HTTPS redirect:
 $ sudo certbot --nginx
 $ sudo service nginx restart
 
DNS records
 As last thing you will need to set up your DNS records, in order to avoid having your mail rejected or sent to spam.
 
MX record
 
name: @ value: mail.naspi.webredirect.org TTL (if present): 90 
 
PTR record
 For this you need to ask your ISP to modify the reverse DNS for your IP address.
 
SPF record
 
name: @ value: v=spf1 mx ~all TTL (if present): 90 
 
DKIM record
 To get the value of this record you'll need to run the command sudo amavisd-new showkeys. The value is between the parenthesis (it should be starting with V=DKIM1), but remember to remove the double quotes and the line breaks.
 
name: dkim._domainkey value: V=DKIM1; P= ... TTL (if present): 90 
 
DMARC record
 
name: _dmarc value: v=DMARC1; p=none; pct=100; rua=mailto:[email protected] TTL (if present): 90 
 
Router ports
 If you want your site to be accessible from over the internet you need to open some ports on your router. Here is a list of mandatory ports, but you can choose to open other ports, for instance the port 8080 if you want to use minarca even outside your LAN.
 
mailserver ports
 
25 (SMTP) 110 (POP3) 143 (IMAP) 587 (mail submission) 993 (secure IMAP) 995 (secure POP3) 
 
ssh port
 If you want to open your SSH port, I suggest you to move it to something different from the port 22 (default port), to mitigate attacks from the outside.
 
HTTP/HTTPS ports
 
80 (HTTP) 443 (HTTPS) 
 
The end?
 And now the server is complete. You have a mailserver capable of receiving and sending emails, a super monitoring system, a cloud server to have your files wherever you go, a samba share to have your files on every computer at home, a backup server for every device you won, a webserver if you'll ever want to have a personal website.
 But now you can do whatever you want, add things, tweak settings and so on. Your imagination is your only limit (almost).
 EDIT: typos ;)
 

./play.it 2.12: API, GUI and video games

What’s new with 2.12?

• New options:
  • --output-dir: Set the output directory for generated packages
  • --overwrite: Replace packages if they already exist
  • --icons: Allow including icons only if dependencies are present
• Wrapper changes:
  • Drop $XDG_RUNTIME_DIR from the candidates for temporary directories
  • Prevent scan of unneeded directories
  • Drop script identification by MD5 hash
• Archive-related changes:
  • Only extract needed files when using unzip
  • Allow to use renamed installers
  • Add support for LHA archives extraction
• Engines-related changes:
  • New engine: ResidualVM
  • New engine: System-provided Mono runtime
  • DOSBox: Use $PLAYIT_DOSBOX_BINARY in launchers if defined
• Packages-related changes:
  • Add ability to set variables for package-specific postinst and prerm scripts
  • Arch Linux: Improve consistence of 32-bit packages naming
• New helper functions:
  • version_target_is_older_than: Check if the game script target version is older than a given one
  • toupper: Convert files name to upper case
• New generic dependency keywords:
  • libgdk_pixbuf-2.0.so.0
  • libglib-2.0.so.0 / libgobject-2.0.so.0
  • libmbedtls.so.12
  • libpng16.so.16
  • libopenal.so.1 (alias for openal)
  • libSDL2-2.0.so.0 (alias for sdl2)
  • libturbojpeg.so.0
  • libuv.so.1
  • libvorbisfile.so.3 (alias for vorbis)
  • libz.so.1
• Codebase clean-up and improvements:
  • Massive rework of all message-related functions
  • Drop hardcoded paths for icons and .desktop launchers
  • Use system-specific default installation prefix for generated packages
  • Forcefully set errexit setting on library initialization
  • Use dirname/basename instead of built-in shell patterns

Development migration

History

• GitHub, that we all know of, choosing it was more a short-term fallback than a long-term decision ;
• some Gogs instance, which was hosted by debian-fr.xyz, a community the main ./play.it author is close to ;
• Framagit, a famous instance of the infamous GitLab forge, hosted by Framasoft.

Dedicated forge

Forge access

API

New website

GUI

New games

• 7 Billion Humans
• Agatha Christie: The ABC Murders
• Age of Mythology Demo
• Among the Sleep
• Anomaly: Warzone Earth
• Another Lost Phone: Lauraʼs Story
• Assault Android Cactus
• Baba Is You
• Blade Runner
• Bleed
• Bleed 2
• Blocks that matter (previously supported by ./play.it 1.x)
• Butcher Demo
• Capsized
• Cayne
• Cineris Somnia
• Commandos 3: Destination Berlin
• Diablo
• Din’s Curse
• Divine Divinity (previously supported by ./play.it 1.x)
• Duet (previously supported by ./play.it 1.x)
• Earthworm Jim
• Edna & Harvey: The Breakout — Anniversary Edition
• Element4l
• Factorio — Demo
• Finding Paradise
• Firewatch
• FlatOut 2
• Forced
• Forgotton Anne
• Freelancer Demo
• Frostpunk
• Full Throttle Remastered
• Giana Sisters: Twisted Dreams
• Gibbous — A Cthulhu Adventure
• Gorogoa
• Indiana Jones and the Last Crusade
• Into the Breach
• Kerbal Space Program
• LEGO Batman: The Videogame
• Lego Harry Potter Years 1-4
• Maniac Mansion
• Metal Slug 3 (previously supported by ./play.it 1.x)
• MIND: Path to thalamus
• Minecraftn 4K
• Minit
• Monkey Island 4: Escape from Monkey Island
• Multiwinia (previously supported by ./play.it 1.x)
• Mushroom 11
• Myst: Masterpiece Edition (previously supported by ./play.it 1.x)
• Neverwinter Nights: Enhanced Edition
• Overgrowth
• Perimeter
• Populous: Promised Lands (previously supported by ./play.it 1.x)
• Populous 2 (previously supported by ./play.it 1.x)
• Prison Architect
• Q.U.B.E. 2
• Quern — Undying Thoughts
• Rayman Origins
• Retro City Rampage (previously supported by ./play.it 1.x)
• RiME
• Satellite Reign (previously supported by ./play.it 1.x)
• Star Wars: Knights of the Old Republic (previously supported by ./play.it 1.x)
• Starship Titanic
• SteamWorld Quest: Hand of Gilgamech
• Stellaris
  • Ancient Relics Story Pack
  • Apocalypse
  • Arachnoid Portrait Pack
  • Distant Stars Story Pack
  • Federations
  • Horizon Signal
  • Humanoids Species Pack
  • Leviathans Story Pack
  • Lithoids Species Pack
  • Megacorp
  • Plantoids Species Pack
  • Synthetic Dawn Story Pack
  • Utopia
• Strike Suit Zero
• Sundered
• Sunless Skies
  • Cyclopean Owl DLC
• Symphony
• Tangledeep
• Tengami
• Tetrobot and Co.
• The Adventures of Shuggy
• The Aquatic Adventure of the Last Human
• The Count Lucanor
• The First Tree
• The Longing
• The Pillars of the Earth
• The Witcher (previously supported by ./play.it 1.x)
• The Witcher 3: Wild Hunt
• Tonight We Riot
• Toren
• Touhou Chireiden ~ Subterranean Animism — Demo
• Touhou Hifuu Nightmare Diary ~ Violet Detector
• Triple Triad Gold
• Vambrace: Cold Soul
• VVVVVV (previously supported by ./play.it 1.x)
• War for the Overworld (the base game was already supported, new expansions have been added):
  • Heart of Gold
  • Seasonal Worker Skins
  • The Under Games
• Warcraft: Orcs & Humans
• Warhammer 40,000: Dawn of War — Winter Assault Demo
• Warhammer 40,000: Gladius — Relics of War
• Warlords Battlecry II (previously supported by ./play.it 1.x)
• Wing Commander (previously supported by ./play.it 1.x)
• Wing Commander II (previously supported by ./play.it 1.x)
• Yooka Laylee
• Zak McKracken and the Alien Mindbenders

What’s next?

• the complete and definitive relegation to the archive bin of ./play.it 1.14, which is still required for about twenty games ;
• the initial release of the new Web site ;
• redaction of documentation towards end-users but also potential contributors ;
• and, after all this time waiting for it, handling of CD‑ROM !

Links

• Presentation in linux_gaming
• Website
• Development forge

Background

Certifications

• LPI Linux Essentials - basic multiple choice test on Linux basics. Fairly easy especially if you have nix experience, otherwise I'd recommend a taking a course like I did. linuxacademy worked for me, but there are other sites out there that can help. For this one, you can probably get by just searching youtube for the topics covered on the test.
• Linux Foundation Certified System Administrator - This one is a hands on test which is great, you do a screen share with a proctor and ssh into their server; then you have a list of objectives to accomplish on the server pretty much however you see fit. Write a big bash script to do it all, do like 100 mv commands manually, write a small program in python lol, whatever you want so long as you accomplish the goals in time.
• Amazon Web Services certs - I would go for the all 3 associate level certs if you can: Solutions Architect, SysOps Administrator, Developer. These are quite tedious to study for as they can be more a certification that you know which AWS products to get your client to use than they are a test of your cloud knowledge at times. For better or worse, AWS is the top cloud provider at the moment so showing you have knowledge there opens you up to the most jobs. If you know you want to work with another cloud provider then the Google certs can be swapped out here, for example. I know that with the AWS certs, I get offers all the time for companies that use GCP even though I have no real experience there. Folks with the google certs: is the reverse true for you? (genuinely asking, it would be useful for beginners to know).
• Certified Kubernetes Administrator - I don't actually have this cert since at this point in my career I have real Kubernetes experience on my resume so it's kind of not needed, but if you wanted learn Kubernetes and prove it to prospective employers it can help.

Tools and Experimentation

• Linux! - Unless you want to only work with Windows for some reason, Linux is the most important thing you can learn to become a good DevOps professional in my view. Install it on your personal laptop, try a bunch of different distributions, develop an opinion on systemd vs. other init systems ;), get a few cloud servers on DigitalOcean or AWS to mess around with, set up a home server, try different desktop environments and window managers, master a cli text editor, break your install and try to fix it, customize your desktop until it's unrecognizable lol. Just get as much experience with Linux as possible!
• git - Aside from general Linux knowledge, git is one of the most important tool for DevOps/SREs to know in my view. A good DevOps team will usually practice "git ops," i.e., making changes to your CI/CD pipeline, infrastructure, or server provisioning will involve making a pull request against the appropriate git repo.
• terraform - terraform is the de facto "infrastructure as code" tool in the DevOps world. Personally, I love it despite it's pain points. It's a great place to start once you have a good Linux and cloud knowledge foundation as it will allow you to easily and quickly bring up infrastructure to practice with the other tools on this list.
• packer - While not hugely popular or widely used, it's such a simple and useful tool that I recommend you check it out. Packer lets you build "immutable server images" with all of the tools and configuration you need baked in, so that your servers come online ready to start working immediately without any further provisioning needed. Combined with terraform, you can bring up Kubernetes clusters with a single command, or any other fancy DevOps tools you want to play with.
• ansible - With the advent of Kubernetes and container orchestration, "configuration management" has become somewhat less relevant ... or at least less of a flashy and popular topic. It is still something you should be familiar with and it absolutely is in wide use at many companies. Personally, I love the combination of ansible + packer + terraform and find it very useful. Chef and Puppet are nice too, but Ansible is the most popular last I checked so unless you have a preference (or already know Ruby) then I'd go with that.
• jenkins - despite it's many, many flaws and pain points lol, Jenkins is still incredibly useful and widely used as a CI/CD solution and it's fairly easy to get started with. EDIT: Upon further consideration, Jenkins may not be the best choice for beginners to learn. At this point, you’re probably better off with something like GitLab: it’s a more powerful and useful tool, you’ll learn YAML for its config, and it’s less of a pain to use. If you know Jenkins that’s great and it will help you get a job probably, but then you might implement Jenkins since it’s what you know ... but if you have the chance, choose another tool.
• postgres - Knowledge of SQL databases is very useful, both from a DBA standpoint and the operations side of things. You might be helping developers develop a new service and helping with setting up schema (or doing so yourself for an internal tool), or you might be spinning up an instance for devs to access, or even pinpointing that a SQL query is the bottleneck in an app's performance. I put Postgres here because that's what I personally use and have seen a lot in the industry, but experience with any SQL database will be useful.
• nginx - nginx is commonly used an http server for simple services or as an ingress option for kubernetes. Learn the basic config options, how to do TLS, etc.
• docker - Ah, the buzzword of yesteryear. Docker and containerization is still incredibly dominant as a paradigm in the DevOps world right now and it is paramount that you learn it and master it. Be comfortable writing Dockerfiles, troubleshooting docker networking, the fundamentals of how linux containers work ... and definitely get familiar with Alpine Linux as it will most likely be the base image for most of your company's docker images.
• kubernetes - At many companies, DevOps EngineeSite Reliability Engineer effectively translates to "Kubernetes Babysitter," especially if you're new on the job. Container orchestration, while no longer truly "cutting edge" is still fairly new and there is high demand for people with knowledge and experience with it. Work through Kubernetes The Hard Way to bring up a cluster manually. Learn and know the various "primitives" like pods and replicasets. Learn about ingress and how to expose services.

Programming Languages

• Bash - It's right there in your terminal and for better or worse, a scarily large amount of the world's IT infrastructure depends on ill-conceived and poorly commented bash scripts. It's bash scripts all the way down. I joke, but bash is an incredibly powerful tool and a great place to start learning programming basics like control flow and variables.
• Python - It has a beautiful syntax, it's easy to learn, and the python shell makes it quick to learn the basics. Many companies have large repos of python scripts used by operations for automating all sorts of things. Also, many older DevOps tools (like ansible) are written in python.
• Go - Go makes for a great first "systems language" in that it's quite powerful and gives you access to some low level functionality, but the syntax is simple, explicit and easy to understand. It's also fast, compiles to static binaries, has a strong type system and it's easier to learn than C or C++ or Rust. Also, most modern DevOps tools are written in Go. If the documentation isn't answering your question and the logs aren't clear enough, nothing beats being able to go to the source code of a tool for troubleshooting.

Expanding your knowledge