3 files changed, 373 insertions, 0 deletions
diff --git a/cheatsheets/rclone_cheat_sheet.md b/cheatsheets/rclone_cheat_sheet.md
new file mode 100644
index 0000000..4637fcd
--- /dev/null
+++ b/cheatsheets/rclone_cheat_sheet.md
@@ -0,0 +1,133 @@
+# 📘 Rclone Command Cheat Sheet
+
+## ⚙️ Configuration
+
+### Launch Configuration Wizard
+```bash
+rclone config
+```
+
+### Show Current Config
+```bash
+rclone config show
+```
+
+### List Remotes
+```bash
+rclone listremotes
+```
+
+## 📁 Basic File Operations
+
+### Copy Files
+```bash
+rclone copy source:path dest:path
+```
+
+### Sync Files
+```bash
+rclone sync source:path dest:path
+```
+
+### Move Files
+```bash
+rclone move source:path dest:path
+```
+
+### Delete Files or Dirs
+```bash
+rclone delete remote:path
+rclone purge remote:path   # Delete entire path
+```
+
+### Check Differences
+```bash
+rclone check source:path dest:path
+```
+
+## 🔍 Listing and Info
+
+### List Directory
+```bash
+rclone ls remote:path
+rclone lsd remote:path     # List only directories
+rclone lsl remote:path     # Long list with size and modification time
+```
+
+### Tree View
+```bash
+rclone tree remote:path
+```
+
+### File Size and Count
+```bash
+rclone size remote:path
+```
+
+## 📦 Mounting
+
+### Mount Remote (Linux/macOS)
+```bash
+rclone mount remote:path /mnt/mountpoint
+```
+
+### Mount with Aggressive Caching (Windows)
+```bash
+rclone mount remote:path X: \
+  --vfs-cache-mode full \
+  --cache-dir C:\path\to\cache \
+  --vfs-cache-max-size 100G \
+  --vfs-read-chunk-size 512M \
+  --vfs-read-ahead 1G
+```
+
+## 🔁 Sync with Filtering
+
+### Include / Exclude Files
+```bash
+rclone sync source:path dest:path --exclude "*.tmp"
+rclone sync source:path dest:path --include "*.jpg"
+```
+
+## 📄 Logging and Dry Runs
+
+### Verbose and Dry Run
+```bash
+rclone sync source:path dest:path -v --dry-run
+```
+
+### Log to File
+```bash
+rclone sync source:path dest:path --log-file=rclone.log -v
+```
+
+## 📡 Remote Control (RC)
+
+### Start RC Server
+```bash
+rclone rcd --rc-web-gui
+```
+
+### Use RC Command
+```bash
+rclone rc core/stats
+rclone rc vfs/stats
+```
+
+## 🛠️ Miscellaneous
+
+### Serve Over HTTP/WebDAV/SFTP
+```bash
+rclone serve http remote:path
+rclone serve webdav remote:path
+rclone serve sftp remote:path
+```
+
+### Crypt Operations
+```bash
+rclone config create secure crypt remote:path
+```
+
+---
+
+> ✅ **Tip**: Always use `--dry-run` when testing `sync`, `move`, or `delete` to prevent accidental data loss.
diff --git a/cheatsheets/server_hardening_disaster_recovery.md b/cheatsheets/server_hardening_disaster_recovery.md
new file mode 100644
index 0000000..fd23c40
--- /dev/null
+++ b/cheatsheets/server_hardening_disaster_recovery.md
@@ -0,0 +1,87 @@
+# 🛡️ Server Hardening & Disaster Recovery Cheat Sheet
+
+## 🔐 Server Hardening Checklist
+
+### 🔒 OS & User Security
+- ✅ Use **key-based SSH authentication** (`~/.ssh/authorized_keys`)
+- ✅ Disable root login:  
+  ```bash
+  sudo sed -i 's/^PermitRootLogin.*/PermitRootLogin no/' /etc/ssh/sshd_config
+  sudo systemctl restart sshd
+  ```
+- ✅ Change default SSH port and rate-limit with Fail2Ban or UFW
+- ✅ Set strong password policies:
+  ```bash
+  sudo apt install libpam-pwquality
+  sudo nano /etc/security/pwquality.conf
+  ```
+- ✅ Lock down `/etc/sudoers`, remove unnecessary sudo privileges
+
+### 🔧 Kernel & System Hardening
+- ✅ Install and configure `ufw` or `iptables`:
+  ```bash
+  sudo ufw default deny incoming
+  sudo ufw allow ssh
+  sudo ufw enable
+  ```
+- ✅ Disable unused filesystems:
+  ```bash
+  echo "install cramfs /bin/true" >> /etc/modprobe.d/disable-filesystems.conf
+  ```
+- ✅ Set kernel parameters:
+  ```bash
+  sudo nano /etc/sysctl.d/99-sysctl.conf
+  # Example: net.ipv4.ip_forward = 0
+  sudo sysctl -p
+  ```
+
+### 🧾 Logging & Monitoring
+- ✅ Enable and configure `auditd`:
+  ```bash
+  sudo apt install auditd audispd-plugins
+  sudo systemctl enable auditd
+  ```
+- ✅ Centralize logs using `rsyslog`, `logrotate`, or Fluentbit
+- ✅ Use `fail2ban`, `CrowdSec`, or `Wazuh` for intrusion detection
+
+## 💾 Disaster Recovery Checklist
+
+### 📦 Backups
+- ✅ Automate **daily database dumps** (e.g., `pg_dump`, `mysqldump`)
+- ✅ Use **ZFS snapshots** for versioned backups
+- ✅ Sync offsite via `rclone`, `rsync`, or cloud storage
+- ✅ Encrypt backups using `gpg` or `age`
+
+### 🔁 Testing & Recovery
+- ✅ **Verify backup integrity** regularly:
+  ```bash
+  gpg --verify backup.sql.gpg
+  pg_restore --list backup.dump
+  ```
+- ✅ Practice **bare-metal restores** in a test environment
+- ✅ Use **PITR** (Point-In-Time Recovery) for PostgreSQL
+
+### 🛑 Emergency Scripts
+- ✅ Create service restart scripts:
+  ```bash
+  systemctl restart mastodon
+  docker restart azuracast
+  ```
+- ✅ Pre-stage `rescue.sh` to rebuild key systems
+- ✅ Include Mastodon/Gitea/etc. reconfig tools
+
+### 🗂️ Documentation
+- ✅ Maintain a **runbook** with:
+  - Service recovery steps
+  - IPs, ports, login methods
+  - Admin contacts and escalation
+
+### 🧪 Chaos Testing
+- ✅ Simulate failure of:
+  - A disk or volume (use `zpool offline`)
+  - A network link (`iptables -A OUTPUT ...`)
+  - A database node (use Patroni/pg_auto_failover tools)
+
+---
+
+> ✅ **Pro Tip**: Integrate all hardening and backup tasks into your Ansible playbooks for consistency and redeployability.
diff --git a/cheatsheets/zfs_cheat_sheet.md b/cheatsheets/zfs_cheat_sheet.md
new file mode 100644
index 0000000..760aeb1
--- /dev/null
+++ b/cheatsheets/zfs_cheat_sheet.md
@@ -0,0 +1,153 @@
+# 📘 ZFS Command Cheat Sheet
+
+## 🛠️ Pool Management
+
+### Create a Pool
+```bash
+zpool create <poolname> <device>
+zpool create <poolname> mirror <dev1> <dev2>
+zpool create <poolname> raidz1 <dev1> <dev2> <dev3> ...
+```
+
+### List Pools
+```bash
+zpool list
+```
+
+### Destroy a Pool
+```bash
+zpool destroy <poolname>
+```
+
+### Add Devices to a Pool
+```bash
+zpool add <poolname> <device>
+```
+
+### Export / Import Pool
+```bash
+zpool export <poolname>
+zpool import <poolname>
+zpool import -d /dev/disk/by-id <poolname>
+```
+
+## 🔍 Pool Status and Health
+
+### Check Pool Status
+```bash
+zpool status
+zpool status -v
+```
+
+### Scrub a Pool
+```bash
+zpool scrub <poolname>
+```
+
+### Clear Errors
+```bash
+zpool clear <poolname>
+```
+
+## 🧱 Dataset Management
+
+### Create a Dataset
+```bash
+zfs create <poolname>/<dataset>
+```
+
+### List Datasets
+```bash
+zfs list
+zfs list -t all
+```
+
+### Destroy a Dataset
+```bash
+zfs destroy <poolname>/<dataset>
+```
+
+## 📦 Mounting and Properties
+
+### Set Mount Point
+```bash
+zfs set mountpoint=/your/path <poolname>/<dataset>
+```
+
+### Mount / Unmount
+```bash
+zfs mount <dataset>
+zfs unmount <dataset>
+```
+
+### Auto Mount
+```bash
+zfs set canmount=on|off|noauto <dataset>
+```
+
+## 📝 Snapshots & Clones
+
+### Create a Snapshot
+```bash
+zfs snapshot <poolname>/<dataset>@<snapshotname>
+```
+
+### List Snapshots
+```bash
+zfs list -t snapshot
+```
+
+### Roll Back to Snapshot
+```bash
+zfs rollback <poolname>/<dataset>@<snapshotname>
+```
+
+### Destroy a Snapshot
+```bash
+zfs destroy <poolname>/<dataset>@<snapshotname>
+```
+
+### Clone a Snapshot
+```bash
+zfs clone <poolname>/<dataset>@<snapshot> <poolname>/<new-dataset>
+```
+
+## 🔁 Sending & Receiving
+
+### Send Snapshot to File or Pipe
+```bash
+zfs send <snapshot> > file
+zfs send -R <snapshot> | zfs receive <pool>/<dataset>
+```
+
+### Receive Snapshot
+```bash
+zfs receive <pool>/<dataset>
+```
+
+## 🧮 Useful Info & Tuning
+
+### Check Available Space
+```bash
+zfs list
+```
+
+### Set Quota or Reservation
+```bash
+zfs set quota=10G <dataset>
+zfs set reservation=5G <dataset>
+```
+
+### Enable Compression
+```bash
+zfs set compression=lz4 <dataset>
+```
+
+### Enable Deduplication (use cautiously)
+```bash
+zfs set dedup=on <dataset>
+```
+
+---
+
+> ✅ **Tip**: Always test ZFS commands in a safe environment before using them on production systems!