Skip to content

Instantly share code, notes, and snippets.

View lexfrei's full-sized avatar
🎯
Overloaded

Aleksei Sviridkin lexfrei

🎯
Overloaded
View GitHub Profile
@lexfrei
lexfrei / bad-boot-sdio-timeout.log
Created July 11, 2026 16:31
H616/CB1-family: intermittent SDIO wifi init failure (error -110) on Armbian sunxi-6.18 — full dmesg of a failing and a good boot
Jul 10 19:34:52 h616-host kernel: Booting Linux on physical CPU 0x0000000000 [0x410fd034]
Jul 10 19:34:52 h616-host kernel: Linux version 6.18.33-current-sunxi64 (build@armbian) (aarch64-linux-gnu-gcc (Ubuntu 13.3.0-6ubuntu2~24.04.1) 13.3.0, GNU ld (GNU Binutils for Ubuntu) 2.42) #1 SMP PREEMPT Sat May 23 11:07:21 UTC 2026
Jul 10 19:34:52 h616-host kernel: KASLR disabled due to lack of seed
Jul 10 19:34:52 h616-host kernel: Machine model: BigTreeTech CB1
Jul 10 19:34:52 h616-host kernel: efi: UEFI not found.
Jul 10 19:34:52 h616-host kernel: OF: reserved mem: 0x0000000040000000..0x000000004007ffff (512 KiB) nomap non-reusable secmon@40000000
Jul 10 19:34:52 h616-host kernel: Zone ranges:
Jul 10 19:34:52 h616-host kernel: DMA [mem 0x0000000040000000-0x000000007fffffff]
Jul 10 19:34:52 h616-host kernel: DMA32 empty
Jul 10 19:34:52 h616-host kernel: Normal empty
@lexfrei
lexfrei / sovol-h616-dtb-vs-cb1.md
Created July 10, 2026 14:28
Sovol H616 boards (Zero / SV08 / SV08 Max) vs BTT CB1: diff the vendor DTB, cap the eMMC clock, run vanilla Armbian

Sovol H616 boards vs BTT CB1: diff the vendor DTB, cap the eMMC clock, run vanilla Armbian

Sovol's H616 hosts (Zero, SV08, SV08 Max) are near-clones of the BigTreeTech CB1, and their vendor OS images are rebadged BTT CB1 images (Debian 11, kernel 5.16.17-sun50iw9). The differences live entirely in the device tree — and once you know them, stock Armbian (board profile BigTreeTech CB1) runs on the stock eMMC with a tiny user overlay, no custom OS build. The full verified walkthrough for the Zero is in lexfrei/sovol-zero-mainline — OS.md; this gist is the method plus the per-board numbers.

1. Get the vendor DTB out of the official image

The official images (Sovol wiki → Google Drive) are raw disk images: FAT16 BOOT partition at sector 8192 (byte offset 4194304), ext4 rootfs after it. The DTBs sit on the BOOT partition.

# no root needed — mtools reads the FAT partition straight out of the image
@lexfrei
lexfrei / fix-cve-talos.md
Last active July 9, 2026 12:38
Correctly fixing CVE-2026-53359 (Januscape) + CVE-2026-46113 on Talos Linux

Fixing CVE-2026-53359 (Januscape) + CVE-2026-46113 on Talos Linux

Context

CVE-2026-53359 (Januscape) and CVE-2026-46113 are KVM x86 shadow-paging use-after-free bugs that let a guest VM escape to the host. Both are fixed in Linux 6.18.38, which ships in Talos v1.13.6. Upgrading to it closes both at the kernel level — you do not need to disable nested virtualization.

The commonly suggested config mitigation — machine.install.extraKernelArgs: [kvm_intel.nested=0, kvm_amd.nested=0] — is silently ignored on systemd-boot / UKI nodes (the usual bare-metal UEFI case):

  • kvm_intel/kvm_amd are built into the Talos kernel, so modprobe.d and runtime /sys writes don't apply (/sys/module/kvm_intel/parameters/nested is 0444); nested= is settable only via the kernel command line.
  • On systemd-boot the cmdline is baked into the signed UKI, so extraKernelArgs are dropped (Talos warns extra kernel arguments are not supported when booting using SDBoot). grubUseUKICmdline: false onl
@lexfrei
lexfrei / lexfrei.txt
Created June 6, 2026 15:12
kubectl describe node lexfrei
Name: lexfrei
Roles: sre,control-plane,human (single-node, no HA)
Labels: role=sre
org.maintainer/aenix-io=true
org.maintainer/cozystack=true
neuro/audhd=true
neuro/ptsd=true
topology.kubernetes.io/zone=Asia/Tbilisi
comms/style=direct-and-critical
beta.kubernetes.io/arch=human-amd64
@lexfrei
lexfrei / gateway-api-comparison.md
Created April 23, 2026 18:07
Gateway API в cozystack: #2213 (Envoy Gateway) vs #2470 (Cilium Gateway API)

Gateway API в cozystack: #2213 (Envoy Gateway) vs #2470 (Cilium Gateway API)

Контекст

Service.spec.externalIPs депрекейтнули в Kubernetes v1.36 (KEP-5707, PR kubernetes#137293). Feature gate AllowServiceExternalIPs: default true в v1.36, flip в v1.40 (~4 релиза, осень 2026), полное удаление в v1.43. Рекомендованный upstream-миграционный путь: type: LoadBalancer + LB-IPAM (на bare-metal — CiliumLoadBalancerIPPool). Для cozystack это значит, что и существующая ingress-nginx-модель (externalIPs + ClusterIP), и PR #2213 архитектура (Envoy Gateway с externalIPs) одинаково выгорят в v1.40.

Параллельно вырос спрос на Gateway API как cluster-ingress контракт: HTTPRoute/TLSRoute/GRPCRoute, ReferenceGrant, ListenerSet (GEP-1713). Gateway API v1.5 вышел в октябре 2026, TLSRoute получил GA, BackendTLSPolicy промотнули из alpha.

Эти две силы — deprecation и Gateway API — породили два PR-предложения в cozystack.

@lexfrei
lexfrei / k8s-ru-transmission-14-17-04-2035.md
Created April 17, 2026 13:06
ПЕРЕХВАЧЕННАЯ ПЕРЕДАЧА // СЕКТОР K8S-RU // 14-17.04.2035 — cyberpunk dispatch from kubernetes_ru bunker

ПЕРЕХВАЧЕННАЯ ПЕРЕДАЧА // СЕКТОР K8S-RU // 14–17.04.2035

Частота:         147.3 МГц, диапазон «под плинтусом»
Канал:           kubernetes_ru, уровень Б-7 Нео-Хабра
Дешифровка:      ЗАВЕРШЕНА (3 циклa, 2 потерянных фрейма)
Гриф:            ДЛЯ СВОИХ. НЕ ПЕРЕСЫЛАТЬ В ОБЛАКО.
Статус эфира:    [шум статики][щелчок глушилки РКН-3][чей-то кашель]
@lexfrei
lexfrei / cozystack-demo-script.md
Created March 20, 2026 10:49
Cozystack WHMCS Module — Sales Demo Script

Cozystack WHMCS Module — Sales Demo Script

Overview

This demo shows the complete self-service cloud provisioning flow: a customer orders a Cozystack tenant, gets dashboard credentials, deploys resources, and sees costs — all through WHMCS.


Demo Flow

@lexfrei
lexfrei / SKILL.md
Created March 12, 2026 16:04
Claude Code /learn skill — extract session learnings into CLAUDE.md and auto memory
name learn
description Analyze the current session and extract key learnings worth preserving.
disable-model-invocation true

Analyze the current session and extract key takeaways worth preserving.

Classification

@lexfrei
lexfrei / opennebula-vnc-guacamole-proxy-chain.md
Created March 5, 2026 22:07
OpenNebula VNC proxy chain through FireEdge + Guacamole — architecture analysis

OpenNebula VNC Proxy Chain: FireEdge + Guacamole Architecture

Components

  1. Browser — HTML5 client (Guacamole.js)
  2. FireEdge (Node.js) — frontend server, also WebSocket proxy
  3. guacd (opennebula-guacd) — native Guacamole proxy daemon, port 4822
  4. SSH tunnel — created by FireEdge when needed
  5. Hypervisor — QEMU/KVM VNC on port from GRAPHICS/PORT (usually 5900+)