--- /dev/null
+System Notes - talisker.SGK - File Server
+=========================================
+
+These notes cover the creation of a FreeBSD fileserver serving encrypted ZFS
+volumes via Samba.
+
+General Info
+------------
+
+ Hostname: talisker.SGK
+ Version: FreeBSD 12.1
+
+ Motherboard: X8DT3-LN4F (manual saved in hw_support)
+ Processors: 2x L5630 Xeons (4 cores @ 2.13 GHz, low power)
+ Memory: 48 GB (12x 4GB R2 Registered ECC)
+ Note: Configured in lockstep mode, leaving 32 GB usable
+ Hard Drives:
+ 3x 120 GB Intel DC S3500 (3-way boot mirror)
+ 2x 8.0 TB WD Red (2-way mirror for media)
+ 3x 3.0 TB WD Red (3-way mirror for personal files)
+ 2x 2.0 TB used SAS (2-way mirror for scratch space)
+ Note: The onboard SAS controller is limited to 2.0 TB max drive size.
+ Consequently, one boot drive and the five drives >2.0 TB are on the
+ SATA channels and all remaining drives are on SAS, even though this
+ splits the boot mirror across controllers.
+
+Installed Ports
+---------------
+
+ sysutils/screen
+ net/samba410
+ -LDAP
+ -ADS
+ -AD_DC
+ (due to dependency errors, build devel/llvm80 and devel/meson first)
+ sysutils/zfs-stats
+ sysutils/zfstools
+ sysutils/bacula9-server
+ +MTX
+ dns/bind-tools
+ devel/git
+ irc/irssi
+ security/nmap
+ sysutils/smartmontools
+ archivers/zip
+ archivers/gtar
+ mail/ssmtp
+
+Encrypted ZFS Mirrors
+---------------------
+
+The following example creates a 2-way mirror using `ada1` and `ada2`. First,
+create the encrypted devices.
+
+ geli init -l 256 /dev/ada1
+ geli init -l 256 /dev/ada2
+ geli attach /dev/ada1
+ geli attach /dev/ada2
+ geli status
+
+In order to be prompted for the passphrase on boot, add the following line to
+`/etc/rc.conf`.
+
+ geli_devices="ada1 ada2"
+
+Next, create the ZFS mirror. Enable compression by default, using LZ4 since it
+will abort the compression attempt if the initial results are not significant.
+
+ zpool create zfs_mirror_1 mirror /dev/ada1.eli /dev/ada2.eli
+ zfs set compress=lz4 zfs_mirror_1
+ zpool status
+
+Automated ZFS Snapshots
+-----------------------
+
+Set the `com.sun:auto-snapshot` property on relevant zpools and verify it is
+inherited.
+
+ zfs set com.sun:auto-snapshot=true zfs_mirror_1
+
+Create `/etc/cron.d/zfs-snapshots` with something like the following.
+
+ PATH=/etc:/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin
+ 15,30,45 * * * * root /usr/local/sbin/zfs-auto-snapshot frequent 4
+ 0 * * * * root /usr/local/sbin/zfs-auto-snapshot hourly 24
+ 7 0 * * * root /usr/local/sbin/zfs-auto-snapshot daily 7
+ 14 0 * * 7 root /usr/local/sbin/zfs-auto-snapshot weekly 4
+ 28 0 1 * * root /usr/local/sbin/zfs-auto-snapshot monthly 12
+
+Note that you can exclude specific snapshot intervals with the following
+property (e.g. frequent, daily, etc).
+
+ zfs set com.sun:auto-snapshot:frequent=false zfs_mirror_1
+
+Automated ZFS Scrubs
+--------------------
+
+Create `/etc/cron.d/zfs-scrubs` with the following contents.
+
+ PATH=/etc:/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin
+ 0 0 0 * * root /sbin/zpool scrub zroot
+ 0 0 0 * * root /sbin/zpool scrub zfs_mirror_1
+ 0 0 0 * * root /sbin/zpool scrub zfs_mirror_2
+ 0 0 0 * * root /sbin/zpool scrub zfs_mirror_3
+
+Samba Notes
+-----------
+
+Create `/usr/local/etc/smb4.conf` with the following contents. Add additional
+entries for each zpool.
+
+ [global]
+ workgroup = WORKGROUP
+ server string = Samba Server
+ netbios name = Talisker
+ wins support = Yes
+ security = user
+ passdb backend = tdbsam
+ ntlm auth = yes
+
+ [zfs_mirror_1]
+ path = /zfs_mirror_1
+ valid users = ataylor
+ writable = yes
+ browsable = yes
+ read only = no
+ guest ok = no
+ public = no
+ create mask = 0666
+ directory mask = 0755
+
+Create a Samba user, using a different password than the system account.
+
+ pdbedit -a ataylor
+
+Manually start Samba.
+
+ service samba_server start
+
+Configure Samba to autostart on boot by adding the following to `/etc/rc.conf`.
+
+ samba_server_enable="YES"
+
+Status Emails
+-------------
+
+After building, run `make replace` inside the `mail/ssmtp` port to
+automatically disable sendmail/etc and replace with ssmtp.
+
+Create `/usr/local/etc/ssmtp/ssmtp.conf` with the following contents.
+
+ # The person who gets all mail for userids < 1000
+ # Make this empty to disable rewriting.
+ root=ataylor@subgeniuskitty.com
+
+ # The place where the mail goes. The actual machine name is required
+ # no MX records are consulted. Commonly mailhosts are named mail.domain.com
+ # The example will fit if you are in domain.com and your mailhub is so named.
+ mailhub=mail.subgeniuskitty.com:465
+
+ # Where will the mail seem to come from?
+ rewriteDomain=subgeniuskitty.com
+
+ # The full hostname
+ hostname=talisker.subgeniuskitty.com
+
+ # Set this to never rewrite the "From:" line (unless not given) and to
+ # use that address in the "from line" of the envelope.
+ FromLineOverride=YES
+
+ # Use SSL/TLS to send secure messages to server.
+ UseTLS=YES
+
+ # Credentials accepted by remote SMTP server
+ AuthUser=ataylor@subgeniuskitty.com
+ AuthPass=password_goes_here
+
+Edit `/etc/passwd` and `/etc/master.passwd`, changing the name of the root
+account from `Charlie &` to something suitable for the `FROM:` field in emails.
+After, run `/usr/sbin/pwd_mkdb -p /etc/master.passwd`.
+
+Create `/etc/cron.d/status-emails` with suitable contents. For example:
+
+ PATH=/etc:/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin
+ 0 0 * * 0 root /sbin/zpool list | /usr/bin/mail -s "talisker.SGK - zpool list" ataylor@subgeniuskitty.com
+ 0 0 * * 0 root /sbin/zpool status | /usr/bin/mail -s "talisker.SGK - zpool status" ataylor@subgeniuskitty.com
+ 0 0 * * 0 root /sbin/zfs list -t snapshot | /usr/bin/mail -s "talisker.SGK - zfs snapshots" ataylor@subgeniuskitty.com
+ 0 0 * * 0 root /sbin/zfs list | /usr/bin/mail -s "talisker.SGK - zfs list" ataylor@subgeniuskitty.com
+ 0 0 * * 0 root /usr/local/bin/zfs-stats -IMAE | /usr/bin/mail -s "talisker.SGK - zfs stats" ataylor@subgeniuskitty.com
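Review bot: In the `/etc/cron.d/zfs-scrubs` block, all four entries use `0 0 0 * *`, which puts 0 in the day-of-month field; cron only accepts 1-31 there, so these scrubs will never be scheduled. If a monthly scrub is intended, use `0 0 1 * *`, and consider staggering the minute or day per pool so that four scrubs do not start at once. In the `smb4.conf` block, `ntlm auth = yes` permits NTLMv1 responses, which Samba's default of NTLMv2 only does not; unless a legacy client requires it, drop that line or add a sentence saying why it is needed. `ssmtp.conf` carries `AuthPass` in cleartext, so the Status Emails section should also state the ownership and mode the file is expected to have.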
--- /dev/null
+# Redirect File Descriptor of Running Process #
+
+This note explains how to redirect `stdin` (or any other file descriptor) of a
+pre-existing process using the GNU debugger (`gdb`) and a FIFO. It was tested
+on FreeBSD 11.
+
+An example of use would be saving the contents of remote `vi` sessions after
+they are detached due to a dropped connection.
+
+First, make a FIFO:
+
+ $ mkfifo /tmp/vififo
+
+Assuming there is a pre-existing `vi` session with PID `91266`, connect
+with `gdb`, close file descriptor `0` and reopen it as a connection to the
+FIFO with the `call close` and `call open` commands.
+
+ $ gdb -p 91266
+ <snip>
+ Attaching to process 91266
+ <snip>
+ (gdb) call close (0)
+ $1 = 0
+ (gdb) call open ("/tmp/vififo", 0600)
+
+At this point `gdb` will appear to hang. Leave it and open a new terminal. Use
+`echo` to send characters to the process through the FIFO.
+
+Special characters may be escaped by pressing `Ctrl-V` followed by the
+character. For example, to send an `Escape`, press `Ctrl-V` followed by
+`Escape` which results in an `Escape` code, or `^[`.
+
+Continuing the example, tell `vi` to save the current buffer to a file.
+
+ $ echo "^[:w /tmp/vi_recover.txt" > /tmp/vififo
+
+After this command the `gdb` session should start responding again, returning
+to a `(gdb)` prompt. Exit `gdb`.
+
+ $2 = 0
+ (gdb) quit
+ A debugging session is active.
+
+ Inferior 1 [process 91266] will be detached.
+
+ Quit anyway? (y or n) Y
+ Detaching from program: /hh/bin/vi, process 91266
+ [Inferior 1 (process 91266) detached]
+
+The characters have now been received by `vi` and a file should be waiting at
+`/tmp/vi_recover.txt`.
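Review bot: In `call open ("/tmp/vififo", 0600)`, the second argument of `open(2)` is the flags word, not a permission mode, so `0600` is being read as open flags. It works here only because the low access-mode bits are zero, which means read-only; the remaining bits set unrelated flags. Suggest `call open ("/tmp/vififo", 0)` with a sentence noting that 0 is `O_RDONLY`, and a sentence explaining that the `$2 = 0` shown later is the new descriptor number, which confirms the FIFO landed on fd 0. It is also worth creating the FIFO with `mkfifo -m 600 /tmp/vififo`, since anyone able to write to it can feed keystrokes to the attached process, and the fixed names under `/tmp` are predictable to other local users.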