misc: zot registry, k8s OIDC, server configs, sandbox experiments, and notes

- docker-30/zot: add Zot OCI registry with on-demand sync to docker.io, registry.k8s.io, ghcr.io, quay.io - kubernetes-kvm-terraform: wire Kanidm OIDC via structured AuthenticationConfiguration; add reference apiserver manifest and join-node-02 helper - servers: reorganize shadow/ under servers/, add saint vhost config and utility-101 VM definition, add shadow hrajfrisbee.cz vhost and storage-23 notes - experiments: add notes and configs for e2b dev VM, kata + firecracker on kube, microsandbox, orb-stack k3s (terraform + cloud-init), rke2 - vms/docker: document tailscale + node-exporter setup - blog: stub post on Gateway API - chore: gitignore tmp/, smtp_password, and the two local-only credential caches; add per-project .claude/settings.json Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
2026-05-01 18:12:38 +02:00
parent 5ca27a832b
commit 80d0cc1168
34 changed files with 2814 additions and 1 deletions
--- a/experiments/e2b/installation.md
+++ b/experiments/e2b/installation.md
@@ -0,0 +1,95 @@
+## dev-vm on beelink
+
+```bash
+virt-install \
+  --name e2b-dev \
+  --ram 16384 \
+  --vcpus 8 \
+  --cpu host-passthrough \
+  --os-variant ubuntu24.04 \
+  --disk path=/srv/vms/e2b-dev.qcow2,size=100,format=qcow2,bus=virtio \
+  --network bridge=br0,model=virtio \
+  --graphics none \
+  --console pty,target_type=serial \
+  --location /srv/vms/isos/ubuntu-24.04.3-live-server-amd64.iso,kernel=casper/vmlinuz,initrd=casper/initrd \
+  --extra-args 'console=ttyS0,115200n8'
+
+
+# base packages
+sudo apt update && sudo apt upgrade -y
+sudo apt install -y \
+  build-essential git curl wget unzip jq make gcc pkg-config \
+  iptables iproute2 net-tools ca-certificates gnupg \
+  lsb-release software-properties-common gettext-base
+
+
+# kernel modules
+# Load now
+sudo modprobe nbd nbds_max=64
+sudo modprobe kvm
+sudo modprobe kvm_amd   # or kvm_amd
+sudo modprobe tun
+sudo modprobe veth
+sudo modprobe nf_tables
+sudo modprobe nft_nat
+
+# Persist across reboots
+cat <<'EOF' | sudo tee /etc/modules-load.d/e2b.conf
+nbd
+kvm
+kvm_amd
+tun
+veth
+nf_tables
+nft_nat
+EOF
+
+echo "options nbd nbds_max=64" | sudo tee /etc/modprobe.d/nbd.conf
+
+# sysctl
+cat <<'EOF' | sudo tee /etc/sysctl.d/99-e2b.conf
+vm.nr_hugepages=2048
+vm.max_map_count=1048576
+vm.swappiness=10
+vm.vfs_cache_pressure=50
+net.ipv4.ip_forward=1
+net.core.somaxconn=65535
+net.core.netdev_max_backlog=65535
+net.ipv4.tcp_max_syn_backlog=65535
+EOF
+
+sudo sysctl --system
+
+# udev rules
+cat <<'EOF' | sudo tee /etc/udev/rules.d/99-e2b-nbd.rules
+KERNEL=="nbd*", OPTIONS+="nowatch"
+EOF
+sudo udevadm control --reload-rules && sudo udevadm trigger
+
+# file descriptor limits
+cat <<'EOF' | sudo tee /etc/security/limits.d/e2b.conf
+*    soft    nofile    1048576
+*    hard    nofile    1048576
+root soft    nofile    1048576
+root hard    nofile    1048576
+EOF
+```
+
+## install toolchain
+
+```bash
+# docker 
+curl -fsSL https://get.docker.com | sh
+sudo usermod -aG docker $USER
+# Log out and back in
+docker --version && docker compose version
+
+# mise
+curl https://mise.run | sh
+echo 'eval "$(~/.local/bin/mise activate bash)"' >> ~/.bashrc
+source ~/.bashrc
+```
+
+
+```
+