| --- | |
| - name: Set system-wide IOPS limitation via cgroups v2 | |
| hosts: all | |
| become: true | |
| vars: | |
| main_blk_name: /dev/vda | |
| iops_limit: 10000 | |
| rw_total_limit: 104857600 # 100mb in bytes | |
| tasks: | |
| - name: Get block device major:minor |
| #!/bin/bash | |
| ## NOTE: Remember to disable firewall rules that blocks | |
| ## port 53, 853 and 5353 on wireguard server router. | |
| OPENWRT_BRANCH=openwrt-24.10 | |
| OPENWRT_DIR=$(pwd)/openwrt-mediatek | |
| MEDIATEK_FEED_BRANCH=master | |
| git clone https://github.com/openwrt/openwrt $OPENWRT_DIR -b $OPENWRT_BRANCH |
| # check file system which should be extended | |
| virt-filesystems --long -h --all -a CentOS-Stream-GenericCloud-x86_64-10-20241204.0.x86_64.qcow2 | |
| # create new empty disk with desired size | |
| qemu-img create -f qcow2 centos-stream-10.qcow2 100G ## Optionally add: -o preallocation=metadata | |
| # expand root partition | |
| virt-resize --expand /dev/sda3 CentOS-Stream-GenericCloud-x86_64-10-20241204.0.x86_64.qcow2 centos-stream-10.qcow2 | |
| # Modify image |
| #!/bin/bash | |
| MAIN_DIR=~/monitoring | |
| ROUTER_NODE_EXPORTER_ADDRESS="192.168.88.1:9100" | |
| if ! [ -d "$MAIN_DIR" ]; then | |
| mkdir -p $MAIN_DIR | |
| fi | |
| # NOTE: https://grafana.com/blog/2021/02/09/how-i-monitor-my-openwrt-router-with-grafana-cloud-and-prometheus/ |
| opkg update | |
| opkg install dnsproxy | |
| # Ensure, that the NTP server can work without DNS | |
| uci del system.ntp.server | |
| uci add_list system.ntp.server='194.177.4.1' # 0.openwrt.pool.ntp.org | |
| uci add_list system.ntp.server='213.222.217.11' # 1.openwrt.pool.ntp.org | |
| uci add_list system.ntp.server='80.50.102.114' # 2.openwrt.pool.ntp.org | |
| uci add_list system.ntp.server='193.219.28.60' # 3.openwrt.pool.ntp.org | |
| uci commit system |
| ### Create file called machine-config-daemon-force in /run ### | |
| ssh [email protected] sudo touch /run/machine-config-daemon-force | |
| ### Edit node annotations ### | |
| oc edit node <node-name> | |
| ### Check Annotations, change like below sample ### | |
| machineconfiguration.openshift.io/currentConfig: rendered-worker-ab4a1e7216bf3da2a5203f09c871b456 | |
| machineconfiguration.openshift.io/desiredConfig: rendered-worker-ab4a1e7216bf3da2a5203f09c871b456 | |
| machineconfiguration.openshift.io/reason: "" |
| #!/bin/bash | |
| OPERATOR_SDK="v1.34.2" | |
| OLM="0.27.0" | |
| # Grant more permissions | |
| oc patch scc restricted --type=merge -p '{"runAsUser": {"type": "RunAsAny"}}' | |
| oc patch scc restricted-v2 --type=merge -p '{"runAsUser": {"type": "RunAsAny"}}' | |
| # optional | |
| oc adm policy add-scc-to-user privileged system:serviceaccount:olm:default |
Setup: These steps were performed OpenWRT 23.04.1.
Context: The goal of that manual is to create wireless SSID that will be connected to the Wireguard network as a client. Helpful link - that guide will create a Wireguard interface with kill switch (https://openwrt.org/docs/guide-user/services/vpn/wireguard/extras#kill_switch) In other words, that guide will help you create a deidated wireless SSID that will be connected directly to the wireguard.
https://www.reddit.com/r/openwrt/comments/yyhm7i/comment/j94zi5m/
Assuming you don't have IPv6, have OpenWRT 22.03 with LuCI and already have:
one interface (wan) with a default route in the wan firewall zone
one bridge for your lan
| #!/bin/sh | |
| # based on https://www.procustodibus.com/blog/2022/12/limit-wireguard-bandwidth/ | |
| # wireguard setup and peers setup done by script: https://openwrt.org/docs/guide-user/services/vpn/wireguard/automated | |
| # Show traffic control classes for the device wg_lan - should be empty | |
| tc class show dev wg_lan | |
| # Add HFSC qdisc to wg_lan (root queueing, handle 1, default class 1) |