# Lets see what we've got
swapon --show
NAME      TYPE SIZE USED PRIO
/swapfile file   2G   2G   -2

# Make a new temp swapfile and turn it on.
fallocate -l 2G /swapfile2
chmod 600 /swapfile2
mkswap /swapfile2
swapon /swapfile2

# Check progress
 htop -> 4G of active swap. Memory looks OK. 
 
# Looking good, so now we turn off the original swapfile, resize it and then turn it on
swapoff /swapfile
fallocate -l 4G /swapfile
chmod 600 /swapfile
mkswap /swapfile
swapon /swapfile

# Check again. 
htop -> Whoo, now have 6Gb swap

# Now can disable the temp swapfile 
swapoff /swapfile2 
rm /swapfile2

All good. Happy server.

As always, don't trust everything you read on the internet, and test before you use in anger.

#!/bin/bash

# Configuration
HTACCESS_FILE_DEFAULT="/etc/nginx/htpasswd-developers

# Function to display a list of users
display_users() {
  echo "--- Existing Users ---"
  # Grep for lines that don't start with # and aren't empty
  # Then use cut to show only the username before the colon, and number the lines
  grep -vE '^(#|$)' "$HTACCESS_FILE" | cut -d':' -f1 | cat -n
  echo "----------------------"
}

# Function to perform a backup
backup_file() {
  if [ -f "$HTACCESS_FILE" ]; then
    cp "$HTACCESS_FILE" "$HTACCESS_FILE.bak"
    echo "Backup created at $HTACCESS_FILE.bak"
  else
    echo "No .htpasswd file to back up."
  fi
}

# Function to generate a random password
generate_password() {
    tr -cd '[:alnum:]' < /dev/urandom | head -c 12
}

# --- Main Script ---

# Select the .htpasswd file. Suggest the default value, but allow user to type another name
read -p "Enter .htpasswd file (default: $HTACCESS_FILE_DEFAULT): " HTACCESS_FILE
HTACCESS_FILE=${HTACCESS_FILE:-$HTACCESS_FILE_DEFAULT}

# Ensure the file exists, exit if not
if [ ! -f "$HTACCESS_FILE" ]; then
  echo "Password file doesn't exist"
  exit 1
fi

# Main menu loop
while true; do
  echo "Do you want to:"
  echo "a) Add a user"
  echo "r) Remove a user"
  echo "u) Update a user's password"
  echo "l) List users"
  echo "q) Quit"
  read -p "Enter your choice: " choice

  case "$choice" in
    a)
      read -p "Enter username to add: " username
      # Check if the username already exists
      if grep -q "^$username:" "$HTACCESS_FILE"; then
        echo "Error: User '$username' already exists. Use the 'u' option to update their password."
      else
        suggested_password=$(generate_password)
        read -p "Enter password for '$username' (or press Enter to use suggested: $suggested_password): " password
        password=${password:-$suggested_password}
        
        backup_file
        htpasswd -b "$HTACCESS_FILE" "$username" "$password"
        echo "User '$username' added."
      fi
      ;;
    r)
      display_users
      read -p "Enter reference number of user to remove: " ref
      # Use grep and sed to find the line number and get the username
      username_to_remove=$(grep -vE '^(#|$)' "$HTACCESS_FILE" | sed -n "${ref}p" | cut -d':' -f1)

      if [ -z "$username_to_remove" ]; then
        echo "Invalid reference number."
      else
        backup_file
        # Create a temp file without the user and then replace the original
        grep -v "^$username_to_remove:" "$HTACCESS_FILE" > "$HTACCESS_FILE.tmp" && mv "$HTACCESS_FILE.tmp" "$HTACCESS_FILE"
        echo "User '$username_to_remove' removed."
      fi
      ;;
    u)
      display_users
      read -p "Enter reference number of user to update: " ref
      username_to_update=$(grep -vE '^(#|$)' "$HTACCESS_FILE" | sed -n "${ref}p" | cut -d':' -f1)

      if [ -z "$username_to_update" ]; then
        echo "Invalid reference number."
      else
        suggested_password=$(generate_password)
        read -p "Enter new password for '$username_to_update' (or press Enter to use suggested: $suggested_password): " password
        password=${password:-$suggested_password}

        backup_file
        htpasswd -b "$HTACCESS_FILE" "$username_to_update" "$password"
        echo "Password for user '$username_to_update' updated."
      fi
      ;;
    l)
      display_users
      ;;
    q)
      echo "Exiting."
      exit 0
      ;;
    *)
      echo "Invalid option. Please try again."
      ;;
  esac

  echo ""
done

sudo nano /etc/default/grub
# Add net.ifnames=0 to the end of your default commandline. eg 

GRUB_CMDLINE_LINUX_DEFAULT="net.ifnames=0"
GRUB_CMDLINE_LINUX_DEFAULT="quiet splash net.ifnames=0"

sudo grub-update
# Check these don't refer to the previous names. 
cat /etc/network/interfaces /etc/network/interfaces.d/*

sudo reboot

Hello eth0 and wlan0. I've missed you.

This is just a reminder for me, so I don't have to look it up again.

I had a request to run qdrant database, and I didn't want to do it under docker, due to all the extra nonsense that entails. So having installed it, basically just dropping a binary on the filesystem, I wanted to run it as a systemd service, under a specific user, qdrant.

On the qdrant site, they don't give an example, so I thought it would be quickest to ask Google Gemini, which quickly squirted out a reply. So I activated it and was confused when it wouldn't start. About an hour later, I figured out that the inline comments which Gemini had put in the systemd service files are not allowed. And when telling Gemini about this it cheerfully admitted that it knew about this all along:

Even though I 'shared' the finding, I'm skeptical that Gemini will learn from it, so here is the working qdrant systemd file for anyone interested.

[Unit]
Description=Qdrant Vector Database
After=network.target

[Service]
# sudo adduser --system --no-create-home --group qdrant
User=qdrant
Group=qdrant

ExecStart=/usr/bin/qdrant --config-path /etc/qdrant/config.yaml

# Put all data in here, please
WorkingDirectory=/qdrant

# Increase open file limit for better performance
LimitNOFILE=65536

Restart=on-failure
RestartSec=5s

[Install]
WantedBy=multi-user.target

;;; php settings
php_flag[display_errors] = off
php_admin_value[error_log] = /home/bobthebuilder/logs/phpfpm.log
php_admin_flag[log_errors] = on

These all work fine. But if you look anywhere on the internet, it tells you you can also set error_logging there. It confidently tells you to use

php_admin_value[error_reporting] = E_ALL & ~E_WARNING & ~E_NOTICE & ~E_DEPRECATED & ~E_USER_DEPRECATED

…for example. But this doesn't work! You check and re-check the log files which are scrolling past at nausea-inducing rates. You try altering the values in php.ini, wordpress config files, anywhere you can try. But when you load up phpinfo, it just tells you you're wasting your time. You shout at google gemini a bit, but it tells you the same thing. Maybe you have some formatting errors, it suggests?

The trick, it seems is to use the numeric values. This works in your phpfpm pool file instead of the command above.

php_admin_value[error_reporting] = 8181

That's it. And there's a pretty handy page for calculating the masks here.

Now wouldn't it be nice if PHP had pre-set log levels so all you have to do is put error_log_level = 3 instead of invoking a bitmask calculator …

• In Updraft, chose S3-Compatible (generic) storage option
• S3 Access key and S3 Secret Key are obvious enough and are as given by Hetzner. Access Key is the smaller of the two.
• In S3 Location, you just need the bucket name, so that it reads s3generic://mybucketname (i.e. just type mybucketname in the box)
• In the S3 endpoint box, you want just the domain name of the storage server, eg fsn1.your-objectstorage.com
  

That's it. Hit Test, and away you go.

Backing up from US to Hetzner Germany took about 20 mins for 1.2Gb backup. Slow, but it completed without error.

[Warning] [MY-013360] [Server] Plugin mysql_native_password reported: ''mysql_native_password' is deprecated and will be removed in a future release. Please use caching_sha2_password instead'

But not just one of them. Lots and lots of them, one a second, for the last few months. To be sure it didn't seem critical, but having lots of crap in your logs means its obscuring the really important bits, and making it hard to detect real problems.

So how to get rid of them? Well not too hard as it happens. First option is to suppress them in your mysql config. I didn't know this was an option, but yes, you can add the following line to your mysqld config file and they don't get logged any more.

log_error_suppression_list='MY-013360'

And restart. This can also be set without restarting the server using SET GLOBAL:

mysql> set global log_error_suppression_list='MY-013360' ;
Query OK, 0 rows affected (0.00 sec)

Very useful if you just want to get rid of it while you're troubleshooting something. But now to get down to the root cause. How do we fix the error completely. Again not too hard. First of all we can take a look and see which user is the offender, and the default server policy.

mysql -e " show variables like 'default_authentication_plugin';"
  default_authentication_plugin = caching_sha2_password

mysql -e "select Host,User,plugin FROM  mysql.user;"
| Host      | User               | plugin                |
| localhost | guilty-user          | mysql_native_password |
| localhost | mysql.session    | caching_sha2_password |
| localhost | mysql.sys         | caching_sha2_password |
| localhost | root               | auth_socket             |

Well it was guilty-user, what a surprise. So lets fix that. The current password for guilty-user will be known to you — it'll be in the WP config file, or database connection string of whatever app is using it. Lets say its "F$ntasticPW", so we just ALTER the user using the same password:

mysql -e "ALTER USER 'guilty-user'@'localhost' IDENTIFIED WITH caching_sha2_password BY 'F$ntasticPW';"

And there we have it. The app shouldn't even blink. And your monster db logs are gone. But as always, take a db backup before you try.

# Arrgh!
mysql -e "show variables" | grep innodb

# Much better
mysql -e "show variables" | awk '{print $1 " = " $2}' | grep innodb

That's all.

error creating the agent server entrypoint" err="creating HTTP listener: listen tcp 127.0.0.1:9090: bind: address already in use

Fair enough. But how to change it? I looked through the /etc/grafana-agent.yaml file but there was nothing in there. I searched the grafana docs and forums. Nothing. I searched google and asked phind for suggestions, which irritatingly told me to make several changes for files and variables that didn't exist.

I looked for the systemd service file, which wasn't in the normal places /etc/systemd/system or /lib/systemd/system/ but in a further subdir of /etc/systemd/system/multi-user.target.wants/ and /usr/lib/systemd/system/multi-user.target.wants/

OK, so now a clue. That contained a line EnvironmentFile=/etc/default/grafana-agent, and that's where you need to edit the ports.

# Any user defined arguments
CUSTOM_ARGS="-server.http.address=127.0.0.1:9090 -server.grpc.address=127.0.0.1:9091"

So hopefully that will save someone some time, as I wasted an hour on it.

Luckily its pretty easy to fix. Check if its enabled with

mysql -e "show variables like 'log_bin';"

Or, just look in your data directory and see a hoarde of binlog files, of course. You can disable it altogether with

skip-log-bin

in your mysql ini file (which one you set it in depends on your server version and OS). Or you can just limit the number of seconds it keeps with the following, which will let it keep one day's worth of binlogs, down from the default 2592000 seconds which is 30 days, and, in my opinion a little high for a default value!

binlog_expire_logs_seconds = 86400

If you're not sure whether or not you need binlogs, you probably don't need them. They are used it you're replicating the database to another one, and need to hold enough data so they can sync up in the event of a disconnection. You can also use them to roll the db back or forward to a specific point in time, but that's the province of database ninjas.