代码之美

作者: hetao

  • centos10配置镜像源

    centos.repo

    [baseos]
name=CentOS Stream $releasever - BaseOS
baseurl=https://mirrors.hetao.me/centos-stream/$releasever-stream/BaseOS/$basearch/os
# metalink=https://mirrors.centos.org/metalink?repo=centos-baseos-$stream&arch=$basearch&protocol=https,http
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial-SHA256
gpgcheck=1
repo_gpgcheck=0
metadata_expire=6h
countme=1
enabled=1

[baseos-debuginfo]
name=CentOS Stream $releasever - BaseOS - Debug
baseurl=https://mirrors.hetao.me/centos-stream/$releasever-stream/BaseOS/$basearch/debug/tree/
# metalink=https://mirrors.centos.org/metalink?repo=centos-baseos-debug-$stream&arch=$basearch&protocol=https,http
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial-SHA256
gpgcheck=1
repo_gpgcheck=0
metadata_expire=6h
enabled=0

[baseos-source]
name=CentOS Stream $releasever - BaseOS - Source
baseurl=https://mirrors.hetao.me/centos-stream/$releasever-stream/BaseOS/source/tree/
# metalink=https://mirrors.centos.org/metalink?repo=centos-baseos-source-$stream&arch=source&protocol=https,http
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial-SHA256
gpgcheck=1
repo_gpgcheck=0
metadata_expire=6h
enabled=0

[appstream]
name=CentOS Stream $releasever - AppStream
baseurl=https://mirrors.hetao.me/centos-stream/$releasever-stream/AppStream/$basearch/os
# metalink=https://mirrors.centos.org/metalink?repo=centos-appstream-$stream&arch=$basearch&protocol=https,http
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial-SHA256
gpgcheck=1
repo_gpgcheck=0
metadata_expire=6h
countme=1
enabled=1

[appstream-debuginfo]
name=CentOS Stream $releasever - AppStream - Debug
baseurl=https://mirrors.hetao.me/centos-stream/$releasever-stream/AppStream/$basearch/debug/tree/
# metalink=https://mirrors.centos.org/metalink?repo=centos-appstream-debug-$stream&arch=$basearch&protocol=https,http
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial-SHA256
gpgcheck=1
repo_gpgcheck=0
metadata_expire=6h
enabled=0

[appstream-source]
name=CentOS Stream $releasever - AppStream - Source
baseurl=https://mirrors.hetao.me/centos-stream/$releasever-stream/AppStream/source/tree/
# metalink=https://mirrors.centos.org/metalink?repo=centos-appstream-source-$stream&arch=source&protocol=https,http
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial-SHA256
gpgcheck=1
repo_gpgcheck=0
metadata_expire=6h
enabled=0

[crb]
name=CentOS Stream $releasever - CRB
baseurl=https://mirrors.hetao.me/centos-stream/$releasever-stream/CRB/$basearch/os
# metalink=https://mirrors.centos.org/metalink?repo=centos-crb-$stream&arch=$basearch&protocol=https,http
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial-SHA256
gpgcheck=1
repo_gpgcheck=0
metadata_expire=6h
countme=1
enabled=1

[crb-debuginfo]
name=CentOS Stream $releasever - CRB - Debug
baseurl=https://mirrors.hetao.me/centos-stream/$releasever-stream/CRB/$basearch/debug/tree/
# metalink=https://mirrors.centos.org/metalink?repo=centos-crb-debug-$stream&arch=$basearch&protocol=https,http
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial-SHA256
gpgcheck=1
repo_gpgcheck=0
metadata_expire=6h
enabled=0

[crb-source]
name=CentOS Stream $releasever - CRB - Source
baseurl=https://mirrors.hetao.me/centos-stream/$releasever-stream/CRB/source/tree/
# metalink=https://mirrors.centos.org/metalink?repo=centos-crb-source-$stream&arch=source&protocol=https,http
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial-SHA256
gpgcheck=1
repo_gpgcheck=0
metadata_expire=6h
enabled=0

    centos-addons.repo

    [highavailability]
name=CentOS Stream $releasever - HighAvailability
baseurl=https://mirrors.hetao.me/centos-stream/$releasever-stream/HighAvailability/$basearch/os
# metalink=https://mirrors.centos.org/metalink?repo=centos-highavailability-$stream&arch=$basearch&protocol=https,http
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial-SHA256
gpgcheck=1
repo_gpgcheck=0
metadata_expire=6h
countme=1
enabled=0

[highavailability-debuginfo]
name=CentOS Stream $releasever - HighAvailability - Debug
baseurl=https://mirrors.hetao.me/centos-stream/$releasever-stream/HighAvailability/$basearch/debug/tree/
# metalink=https://mirrors.centos.org/metalink?repo=centos-highavailability-debug-$stream&arch=$basearch&protocol=https,http
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial-SHA256
gpgcheck=1
repo_gpgcheck=0
metadata_expire=6h
enabled=0

[highavailability-source]
name=CentOS Stream $releasever - HighAvailability - Source
baseurl=https://mirrors.hetao.me/centos-stream/$releasever-stream/HighAvailability/source/tree/
# metalink=https://mirrors.centos.org/metalink?repo=centos-highavailability-source-$stream&arch=source&protocol=https,http
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial-SHA256
gpgcheck=1
repo_gpgcheck=0
metadata_expire=6h
enabled=0

[nfv]
name=CentOS Stream $releasever - NFV
baseurl=https://mirrors.hetao.me/centos-stream/$releasever-stream/NFV/$basearch/os
# metalink=https://mirrors.centos.org/metalink?repo=centos-nfv-$stream&arch=$basearch&protocol=https,http
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial-SHA256
gpgcheck=1
repo_gpgcheck=0
metadata_expire=6h
countme=1
enabled=0

[nfv-debuginfo]
name=CentOS Stream $releasever - NFV - Debug
baseurl=https://mirrors.hetao.me/centos-stream/$releasever-stream/NFV/$basearch/debug/tree/
# metalink=https://mirrors.centos.org/metalink?repo=centos-nfv-debug-$stream&arch=$basearch&protocol=https,http
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial-SHA256
gpgcheck=1
repo_gpgcheck=0
metadata_expire=6h
enabled=0

[nfv-source]
name=CentOS Stream $releasever - NFV - Source
baseurl=https://mirrors.hetao.me/centos-stream/$releasever-stream/NFV/source/tree/
# metalink=https://mirrors.centos.org/metalink?repo=centos-nfv-source-$stream&arch=source&protocol=https,http
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial-SHA256
gpgcheck=1
repo_gpgcheck=0
metadata_expire=6h
enabled=0

[rt]
name=CentOS Stream $releasever - RT
baseurl=https://mirrors.hetao.me/centos-stream/$releasever-stream/RT/$basearch/os
# metalink=https://mirrors.centos.org/metalink?repo=centos-rt-$stream&arch=$basearch&protocol=https,http
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial-SHA256
gpgcheck=1
repo_gpgcheck=0
metadata_expire=6h
countme=1
enabled=0

[rt-debuginfo]
name=CentOS Stream $releasever - RT - Debug
baseurl=https://mirrors.hetao.me/centos-stream/$releasever-stream/RT/$basearch/debug/tree/
# metalink=https://mirrors.centos.org/metalink?repo=centos-rt-debug-$stream&arch=$basearch&protocol=https,http
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial-SHA256
gpgcheck=1
repo_gpgcheck=0
metadata_expire=6h
enabled=0

[rt-source]
name=CentOS Stream $releasever - RT - Source
baseurl=https://mirrors.hetao.me/centos-stream/$releasever-stream/RT/source/tree/
# metalink=https://mirrors.centos.org/metalink?repo=centos-rt-source-$stream&arch=source&protocol=https,http
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial-SHA256
gpgcheck=1
repo_gpgcheck=0
metadata_expire=6h
enabled=0

[resilientstorage]
name=CentOS Stream $releasever - ResilientStorage
baseurl=https://mirrors.hetao.me/centos-stream/$releasever-stream/ResilientStorage/$basearch/os
# metalink=https://mirrors.centos.org/metalink?repo=centos-resilientstorage-$stream&arch=$basearch&protocol=https,http
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial-SHA256
gpgcheck=1
repo_gpgcheck=0
metadata_expire=6h
countme=1
enabled=0

[resilientstorage-debuginfo]
name=CentOS Stream $releasever - ResilientStorage - Debug
baseurl=https://mirrors.hetao.me/centos-stream/$releasever-stream/ResilientStorage/$basearch/debug/tree/
# metalink=https://mirrors.centos.org/metalink?repo=centos-resilientstorage-debug-$stream&arch=$basearch&protocol=https,http
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial-SHA256
gpgcheck=1
repo_gpgcheck=0
metadata_expire=6h
enabled=0

[resilientstorage-source]
name=CentOS Stream $releasever - ResilientStorage - Source
baseurl=https://mirrors.hetao.me/centos-stream/$releasever-stream/ResilientStorage/source/tree/
# metalink=https://mirrors.centos.org/metalink?repo=centos-resilientstorage-source-$stream&arch=source&protocol=https,http
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial-SHA256
gpgcheck=1
repo_gpgcheck=0
metadata_expire=6h
enabled=0

[extras-common]
name=CentOS Stream $releasever - Extras packages
baseurl=https://mirrors.hetao.me/centos-stream/SIGs/$releasever-stream/extras/$basearch/extras-common
# metalink=https://mirrors.centos.org/metalink?repo=centos-extras-sig-extras-common-$stream&arch=$basearch&protocol=https,http
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-SIG-Extras-SHA512
gpgcheck=1
repo_gpgcheck=0
metadata_expire=6h
countme=1
enabled=1

[extras-common-source]
name=CentOS Stream $releasever - Extras packages - Source
baseurl=https://mirrors.hetao.me/centos-stream/SIGs/$releasever-stream/extras/source/extras-common
# metalink=https://mirrors.centos.org/metalink?repo=centos-extras-sig-extras-common-source-$stream&arch=source&protocol=https,http
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-SIG-Extras-SHA512
gpgcheck=1
repo_gpgcheck=0
metadata_expire=6h
enabled=0

    docker-ce.repo

    [docker-ce-stable]
name=Docker CE Stable - $basearch
baseurl=https://mirrors.hetao.me/docker-ce/linux/centos/$releasever/$basearch/stable
enabled=1
gpgcheck=1
gpgkey=https://mirrors.hetao.me/docker-ce/linux/centos/gpg

[docker-ce-stable-debuginfo]
name=Docker CE Stable - Debuginfo $basearch
baseurl=https://mirrors.hetao.me/docker-ce/linux/centos/$releasever/debug-$basearch/stable
enabled=0
gpgcheck=1
gpgkey=https://mirrors.hetao.me/docker-ce/linux/centos/gpg

[docker-ce-stable-source]
name=Docker CE Stable - Sources
baseurl=https://mirrors.hetao.me/docker-ce/linux/centos/$releasever/source/stable
enabled=0
gpgcheck=1
gpgkey=https://mirrors.hetao.me/docker-ce/linux/centos/gpg

[docker-ce-test]
name=Docker CE Test - $basearch
baseurl=https://mirrors.hetao.me/docker-ce/linux/centos/$releasever/$basearch/test
enabled=0
gpgcheck=1
gpgkey=https://mirrors.hetao.me/docker-ce/linux/centos/gpg

[docker-ce-test-debuginfo]
name=Docker CE Test - Debuginfo $basearch
baseurl=https://mirrors.hetao.me/docker-ce/linux/centos/$releasever/debug-$basearch/test
enabled=0
gpgcheck=1
gpgkey=https://mirrors.hetao.me/docker-ce/linux/centos/gpg

[docker-ce-test-source]
name=Docker CE Test - Sources
baseurl=https://mirrors.hetao.me/docker-ce/linux/centos/$releasever/source/test
enabled=0
gpgcheck=1
gpgkey=https://mirrors.hetao.me/docker-ce/linux/centos/gpg

[docker-ce-nightly]
name=Docker CE Nightly - $basearch
baseurl=https://mirrors.hetao.me/docker-ce/linux/centos/$releasever/$basearch/nightly
enabled=0
gpgcheck=1
gpgkey=https://mirrors.hetao.me/docker-ce/linux/centos/gpg

[docker-ce-nightly-debuginfo]
name=Docker CE Nightly - Debuginfo $basearch
baseurl=https://mirrors.hetao.me/docker-ce/linux/centos/$releasever/debug-$basearch/nightly
enabled=0
gpgcheck=1
gpgkey=https://mirrors.hetao.me/docker-ce/linux/centos/gpg

[docker-ce-nightly-source]
name=Docker CE Nightly - Sources
baseurl=https://mirrors.hetao.me/docker-ce/linux/centos/$releasever/source/nightly
enabled=0
gpgcheck=1
gpgkey=https://mirrors.hetao.me/docker-ce/linux/centos/gpg

    Views: 0

  • Ventoy启动Linux镜像

    参考上一篇:https://blog.hetao.me/2025/05/12/ventoy%e5%90%af%e5%8a%a8windows%e9%95%9c%e5%83%8f/

    启动Linux镜像和Windows的镜像区别就要是镜像制作方式

    制作Linux镜像

    1. 用Hyper-V创建一个vhd格式,大小固定的虚拟硬盘
    2. 用Hyper-V创建一个虚拟机,使用UEFI启动,不勾选TPM(受信任的平台模块)
    3. 正常安装虚拟机
      创建虚拟机后一定要把硬盘快照关掉
      在虚拟机设置->管理->检查点中取消启用检查点
    4. 下载vtoyboot
      https://github.com/ventoy/vtoyboot/releases
      把下载vtoyboot-1.0.36.iso,解压其中的vtoyboot-1.0.36.tar.gz
      然后执行vtoyboot.sh脚本并关机
    5. 复制镜像到U盘
      虚拟机关机后把vhd格式的硬盘镜像复制到U盘根目录,然后给硬盘镜像添加.vtoy后缀,不然无法启动。
    6. 在BIOS中把UEFI启动类型
      以华硕主板为例
      进入Secure Boot设置菜单
      OS Type设为Other OS
      Secure Boot Mode设为Custom
      这样可以关闭安全启动并支持Linux系统的启动

    Views: 0

  • ubuntu配置nftables规则(开机加载)

    配置/etc/nftables.conf,如下示例

    #!/usr/sbin/nft -f

flush ruleset

table ip filter {
        chain input {
                type filter hook input priority 0;
        }
        chain forward {
                type filter hook forward priority filter; policy accept;
        }
        chain output {
                type filter hook output priority 0;
        }
}
table ip nat {
        chain POSTROUTING {
                type nat hook postrouting priority srcnat; policy accept;
                iifname "wg2" oifname "eth0" counter masquerade
        }
}

    systemctl enable nftables

    然后重启系统

    Views: 0

  • powerdns性能基准测试

    下载dnspyre

    https://github.com/Tantalor93/dnspyre/releases

    sqlite数据库

    dnspyre -n 10 -c 100 –server 172.29.0.1 www.hetao.me

    切换到mysql数据库后再次测试

    性能基本没区别,说明数据库并不影响性能,因为查询都是在缓存中完成的,但是数据量大的时候数据库维护更方便。

    Views: 0

  • PowerDNS-Admin添加HTTPS/SVCB记录

    1. 在/app/powerdnsadmin/lib/setting.py文件中编辑以下内容
            # Zone Record Settings
        'forward_records_allow_edit': {
            'A': True,
            'AAAA': True,
            'AFSDB': False,
            'ALIAS': False,
            'CAA': True,
            'CERT': False,
            'CDNSKEY': False,
            'CDS': False,
            'CNAME': True,
            'DNSKEY': False,
            'DNAME': False,
            'DS': False,
            'HINFO': False,
            'KEY': False,
            'LOC': True,
            'LUA': False,
            'MX': True,
            'NAPTR': False,
            'NS': True,
            'NSEC': False,
            'NSEC3': False,
            'NSEC3PARAM': False,
            'OPENPGPKEY': False,
            'PTR': True,
            'RP': False,
            'RRSIG': False,
            'SOA': False,
            'SPF': True,
            'SSHFP': False,
            'SRV': True,
            'TKEY': False,
            'TSIG': False,
            'TLSA': False,
            'SMIMEA': False,
            'TXT': True,
            'URI': False,
            'HTTPS': True,
            'SVCB': True
        },
        'reverse_records_allow_edit': {
            'A': False,
            'AAAA': False,
            'AFSDB': False,
            'ALIAS': False,
            'CAA': False,
            'CERT': False,
            'CDNSKEY': False,
            'CDS': False,
            'CNAME': False,
            'DNSKEY': False,
            'DNAME': False,
            'DS': False,
            'HINFO': False,
            'KEY': False,
            'LOC': True,
            'LUA': False,
            'MX': False,
            'NAPTR': False,
            'NS': True,
            'NSEC': False,
            'NSEC3': False,
            'NSEC3PARAM': False,
            'OPENPGPKEY': False,
            'PTR': True,
            'RP': False,
            'RRSIG': False,
            'SOA': False,
            'SPF': False,
            'SSHFP': False,
            'SRV': False,
            'TKEY': False,
            'TSIG': False,
            'TLSA': False,
            'SMIMEA': False,
            'TXT': True,
            'URI': False,
            'HTTPS': False,
            'SVCB': False
        },
    }

    2. 重启PowerDNS-Admin

    docker compose restart admin

    3. 配置PowerDNS-Admin

    然后就可以添加HTTPS记录了

    Views: 0

  • caddy过滤请求

        @accept-language {
        header Accept-Language zh-CN*
        path /dns-query
    }
    reverse_proxy @accept-language http://172.29.0.1:8053 {
        trusted_proxies 0.0.0.0/0 ::/0
    }

    以上配置表示只接受path为/dns-query和语言为zh-CN的请求

    reverse_proxy的语法为

    reverse_proxy 匹配器 proxy_url {

    ……

    }

    匹配器可以省略,当省略时默认为*号,表示充许所有请求

    详细语法参考:

    https://caddyserver.com/docs/caddyfile/directives/reverse_proxy#syntax

    Views: 0

  • Ventoy启动Windows镜像

    ventoy可以直接启动iso和磁盘镜像中的系统,这样就可以实现在一个U盘中共享多个系统,而且U盘只需要一个NTFS分区就可以。

    1. 下载ventoy
      https://www.ventoy.net/cn/download.html
    2. 初始化U盘

    3. 下载ventoy_vhdboot.zip

    下载地址:https://github.com/ventoy/vhdiso/releases

    下载后解压其中的ventoy_vhdboot.img到U盘ventoy目录

    4. 制作Windows10/Windows11的vhd(x)镜像

    可以用wintogo制作工具生成vhd(x)镜像,也可以在虚拟机(建议virtualbox或hyper-v)中按装Windows,然后再把vhd(x)格式的虚拟硬盘拷出来放到U盘根目录。

    关于如何解决UEFI签名的问题请参考ventoy的文档

    Views: 0

  • 雷电接口

    以最新的雷电5和USB4 v2.0为例,两种技术在标准上是相同的,但是雷电5是Intel认证的,USB4是USB-IF认证或干脆没有认证。雷电5就是USB4的完全体,并加强了充电功率。Intel认证的时候是按最高规格来的,USB-IF则会放宽标认证标准,比如在USB4.0上可选的功能在雷电5中都是强制要求的,USB4.0也会有更低速率的版本(低于对称80Gbps,非对称120/40Gbps),其实USB4.0 v2.0与雷电5在速率上的要求也是一样的。

    不过现有的雷电5/USB4 v2都是基于PCIe4.0X4接口,最高只有单向64Gbps的速率,与CPU通信时也不会完全体的80Gbps,以后可能会有PCIe5.0X4接口的吧,至于非对称的120/40Gbps主要用于与显卡通迅跟PCIe带宽没有多大关系。雷电5/USB4 v2线缆长度要求不能超过1米。

    Intel出的雷电5控制器有JHL9480和JHL9580。

    Views: 0

  • Mellanox网卡驱动的安装

    旧的驱动是mlnx_ofed,mlnx_ofed应该不会再添加新功能的,新的驱动架构换成了doca_ofed。

    参考:

    https://docs.nvidia.com/doca/sdk/doca-host+installation+and+upgrade/index.html#src-3653456226_id-.DOCAHostInstallationandUpgradev3.0.0-InstallingSoftwareonHost

    https://docs.nvidia.com/doca/sdk/mlnx_ofed+to+doca-ofed+transition+guide/index.html#src-3453015790_id-.MLNX_OFEDtoDOCAOFEDTransitionGuidev2.9.1-InstallationExampleofDOCA-OFEDfromOnlineRepo

    创建文件/etc/apt/sources.list.d/doca.list,内容为:

    deb [signed-by=/etc/apt/trusted.gpg.d/GPG-KEY-Mellanox.pub] https://linux.mellanox.com/public/repo/doca/2.10.0/ubuntu24.10/x86_64/ ./

    然后执行

    apt update

    apt install doca-ofed

    doca-ofed主要是在宿主机上安装使用,KVM客户机用系统自带驱动就可以。

    Views: 0

  • mellanox网卡对shampo的支持

    目前看到的资料是仅ConnectX-7以上的网卡才支持,而且我ConnectX-4 LX的网卡确实用不了。

    参考以下内容:

    https://kernel.googlesource.com/pub/scm/linux/kernel/git/bpf/bpf-next/+/7da375e2c7e023957b71fce44a72107559cfa6d0%5E1..7da375e2c7e023957b71fce44a72107559cfa6d0

    https://forums.developer.nvidia.com/t/stride-size-in-multi-packet-and-how-to-enable-shampo-in-connectx-6/232013

    如果用的是ConnectX-7网卡的话可以用以下命令开启:

    ethtool -K enp2s0f0np0 rx-gro-hw on

    Views: 0