Auto-sync: 2026-04-22 04:02

2026-04-22 04:03:04 +08:00
parent 24218550d2
commit de096f2f88
232 changed files with 16604 additions and 514 deletions
--- a/wiki/overview.md
+++ b/wiki/overview.md
@@ -12,12 +12,20 @@ Key concepts: [[Agent Personality]], [[Agent Specialization]], [[Multi-Agent Coo
 ### Cloud Transformation & DevOps
 Cloud Transformation Programme (CTP) materials cover AWS landing zones, EKS, Terraform, GitOps, FinOps, observability, security, and enterprise architecture. Key themes: 3 Lines of Defence framework, ITSM, container hardening, backup & DR strategies. DevOps culture focuses on four pillars: Collaboration, Automation (CI/CD, IaC), Continuous Improvement (Kaizen), and Customer-Centricity. Agile practices (Scrum, Kanban) are symbiotic with DevOps. Emerging trends: DevSecOps, GitOps, Serverless DevOps, AI/ML-driven automation, and Edge Computing DevOps.

-Key concepts: [[Landing Zone Architecture]], [[GitOps]], [[FinOps]], [[Event Sourcing]], [[Container Lifecycle Hardening]], [[AWS Backup]], [[ITSM]], [[Error Budgets]], [[Multi-Cloud Strategy]], [[Multi-Cloud-ROI]], [[DevOps Culture]], [[CI/CD Pipeline]], [[DevSecOps]], [[Agile Practices]], [[DevOps Maturity]], [[DORA Metrics]], [[Infrastructure as Code]], [[Cloud-Native]], [[Cloud Maturity Levels]], [[Cloud Adoption Strategy]], [[Cloud Service Delivery]], [[Cloud DevOps Maturity Model]], [[AIOps]], [[SLA]], [[SLO]], [[Incident Management]], [[Change Management]], [[Disaster Recovery]], [[WAF]], [[APM]], [[Cloud Security]], [[Cloud Migration]], [[High Availability]], [[Vendor-Lock-In]], [[Data-Sovereignty]], [[Continuous Integration]], [[Continuous Deployment]], [[Lead Time]], [[Time-to-Market]], [[MTTR]], [[MTTD]], [[MTTA]], [[Change Failure Rate]], [[Error Budget]], [[Rollback Rate]], [[Availability]], [[Scalability]]
+Key concepts: [[Landing Zone Architecture]], [[GitOps]], [[FinOps]], [[Event Sourcing]], [[Container Lifecycle Hardening]], [[AWS Backup]], [[ITSM]], [[ITSM-2.0]], [[Hyperautomation]], [[AIOps]], [[Self-Healing-Systems]], [[Zero-Trust-Architecture]], [[Policy-as-Code]], [[Immutable-Infrastructure]], [[Error Budgets]], [[Multi-Cloud Strategy]], [[Multi-Cloud-ROI]], [[DevOps Culture]], [[CI/CD Pipeline]], [[DevSecOps]], [[Shift-Left-Security]], [[Shift-Right-Security]], [[SAST]], [[DAST]], [[IAST]], [[SCA]], [[Break-the-Build]], [[Agile Practices]], [[DevOps Maturity]], [[DORA Metrics]], [[Infrastructure as Code]], [[Cloud-Native]], [[Cloud Maturity Levels]], [[Cloud Adoption Strategy]], [[Cloud Service Delivery]], [[Cloud DevOps Maturity Model]], [[Cloud Operating Model]], [[Cloud Governance]], [[Cloud Cost Optimization]], **[[Serverless Computing]]**, **[[Edge Computing]]**, **[[Green Computing]]**, [[Vendor-Lock-In]], [[Data-Sovereignty]], [[SLA]], [[SLO]], [[Incident Management]], [[Change Management]], **[[Disaster Recovery]]**, [[WAF]], [[APM]], [[Cloud Security]], [[Cloud Migration]], [[High Availability]], [[Pay-as-you-go]], [[Failover]], [[Multi-factor-Authentication]], [[Data-Governance]], [[Continuous Integration]], [[Continuous Deployment]], [[Lead Time]], [[Time-to-Market]], [[MTTR]], [[MTTD]], [[MTTA]], [[Change Failure Rate]], [[Error Budget]], [[Rollback Rate]], [[Availability]], [[Scalability]], **[[Agentic AI]]**, [[Root Cause Analysis (RCA)]], [[Predictive Maintenance]], [[Deployment Automation]], [[Rightsizing]], [[Automated Security Audit]], [[AI ChatOps]], [[What-If Simulation]], **[[RTO]]**, **[[RPO]]**, **[[Feature Flag]]**, **[[Kill Switch]]**, **[[Progressive Rollout]]**, **[[Micro-Recovery]]**, **[[Deployment-vs-Release]]**, **[[Business Impact Analysis]]**, **[[Public Cloud]]**, **[[Private Cloud]]**, **[[Hybrid Cloud]]**, **[[Shared Responsibility Model]]**, [[Multi-Tenancy]], [[Intentional Cloud Strategy]], **[[Centralized Logging]]**, **[[Cross-Account Monitoring]]**, **[[Multi-Account Deployment]]**, **[[StackSets Deployment Visibility]]**, [[CMDB]], [[Problem-Management]], [[Release-Management]], [[Configuration-Management]], [[Asset-Management]], [[Security-and-Compliance]], [[DRaaS]], [[Canary-Release]], [[Blue-Green-Deployment]], [[Threat Modeling]], [[OWASP-Top-Ten]], [[Bug-Bounty]], [[Vulnerability-Scanning]], [[Penetration-Testing]], [[Compliance-Automation]]

 ### Home Server Automation
-Home office setup guides cover Docker deployments, RSSHub, FRP reverse proxy, Synology NAS, network monitoring (Prometheus/Grafana), media servers (Jellyfin, Navidrome), and scientific internet access.
+Home office setup guides cover Docker deployments, RSSHub, FRP reverse proxy, Synology NAS, MariaDB/MySQL databases, network monitoring (Prometheus/Grafana), media servers (**Jellyfin**, **Navidrome**, **Transmission**), **it-tools** developer utilities, **CloudDrive2** cloud drive mounting (Aliyun Drive, 115, Quark), **NodeWarden** serverless password manager (Cloudflare Workers + D1 + R2), and scientific internet access. Key configurations include read-only music mounts, transcode caching (200MB limit), MariaDB remote access (socket login, CREATE USER/GRANT), non-root container users, auto-transcode download features, and BT download Web UI authentication. The media workflow follows: Transmission (download) → organize → Jellyfin/Navidrome (play). **CloudDrive2** enables direct NAS access to cloud storage via virtual filesystem mount (Aliyun Drive resource directory only, scan QR code with App authorization). Backup automation is implemented via rsync incremental sync to NAS. SSH server setup on Ubuntu 24.04 introduces **ssh.socket activation** (on-demand startup) as the default; administrators can switch to persistent ssh.service mode. Cross-border AI service registration guides cover using **fingerprint browsers** (**AdsPower**), **high-purity US proxies**, **SMS verification platforms** (**PingMe**), and **virtual credit cards** (**WildCard**) to safely subscribe to **Claude Pro**.

-Key concepts: [[Docker-Image]], [[Docker-Save]], [[Docker-Load]], [[RSSHub]], [[内网穿透]], [[Prometheus]]
+Key concepts: [[Docker-Image]], [[Docker-Save]], [[Docker-Load]], [[Docker Compose]], [[Docker Engine]], [[Docker 用户组]], [[APT 仓库配置]], [[GPG 密钥验证]], [[it-tools]], [[RSSHub]], [[内网穿透]], [[反向代理]], [[TCP隧道]], [[Caddy]], [[frp]], [[Symbolic Link]], [[软链接策略]], [[目录映射]], [[Prometheus]], [[PromQL]], [[Prometheus告警规则]], [[Grafana]], [[node_exporter]], [[cAdvisor]], [[blackbox_exporter]], [[Alertmanager]], [[Uptime Kuma]], [[Netdata]], [[VictoriaMetrics]], [[合成监控]], [[Exporter]], [[时序数据库]], [[TUI]], [[Process Management]], [[System Monitoring]], [[容器资源限制]], [[容器重启策略]], [[端口映射]], [[媒体服务器]], [[转码缓存]], [[只读挂载]], [[增量备份]], [[永久挂载]], [[挂载点检查]], [[Cron定时任务]], [[进程管理]], [[Socket 登录]], [[用户权限]], [[固件刷入]], [[过渡固件]], [[JFFS双清]], [[策略组分流]], [[故障转移]], [[订阅机制]], [[PUID/PGID]], [[桥接网络]], [[Socket Activation]], [[UFW 防火墙]], [[开机自启]], [[VPN Panel]], [[Xray]], [[BBR]], [[Web Proxy Protocol]], **[[全盘镜像备份]]**, **[[裸机恢复]]**, **[[NFS网络备份]]**, **[[UEFI启动]]**, [[指纹浏览器]], [[IP纯净度]], [[虚拟信用卡]], [[接码平台]], [[账号隔离]], **[[云盘挂载]]**, **[[NAS套件管理]]**, [[Root权限修复]], [[SPK套件格式]], [[launchd]], [[Gatekeeper]], [[软链接策略]], **[[systemd]]**, **[[Ubuntu Server]]**
+
+### Linux System Monitoring
+Six Linux resource monitoring tools reviewed: TUI tools (Btop++, Htop, Glances, Bottom) for SSH-friendly server management; GUI tools (Mission Center, Stacer) for desktop use. Author's top pick: Btop++ for its balance of usability and aesthetics. [[Btop++]], [[Htop]], [[Glances]], [[Bottom]], [[Mission Center]], [[Stacer]], [[TUI]], [[TOTP]], [[Passkey]], [[Self-Hosted Password Manager]]
+
+### Linux Operations Command Reference
+A comprehensive Linux command reference covering 150 essential commands across 16 categories: help commands (man, help), file operations (ls, cd, cp, find, mkdir, mv, rm, touch, tree), text processing (cat, grep, sort, uniq, wc, diff, vim), compression (tar, gzip, zip, unzip), system info (uname, dmesg, uptime, du, df, top, free), search (which, locate), user management (useradd, sudo, visudo), networking (ssh, scp, wget, ping, ifconfig, netstat, ss, nmap, tcpdump), disk/filesystem (mount, fdisk, mkfs, mkswap, sync), permissions (chmod, chown, chgrp, umask), process management (kill, crontab, ps, nohup), and system shutdown/restart (shutdown, halt, poweroff). Key insight: Linux treats everything as a file (CPU, memory, disks, keyboard, users). **CPU architecture detection**: `uname -m` (x86_64/aarch64/armv7l), `lscpu` (Architecture field), `cat /proc/cpuinfo` (model name/AArch64), `file /bin/bash` (ELF metadata).
+
+Key concepts: [[CPU架构检测]], [[x86_64]], [[aarch64]], [[ARM64]], [[ELF格式]]

 ### AI Tools & Prompt Engineering
 Covers Claude Code, OpenCode, Cursor, Gemini CLI, Vibe Coding, RAG, multi-agent workflows, NotebookLM, Nano Banana prompting, and video generation tools.
@@ -48,9 +56,85 @@ Key concepts: [[Obsidian Tasks]], [[Dataview]], [[Event Sourcing]], [[Second Bra
 - [[n8n]] — workflow automation
 - [[Quartz]] — static site generator for wikis
 - [[RSSHub]] — open-source RSS aggregator
- [[Synology NAS]] — network-attached storage
+- [[群晖 NAS]]（Synology NAS）— 网络附加存储，Navidrome/Jellyfin/Transmission 音乐/视频/BT文件的宿主机，MariaDB 数据库的部署平台，CloudDrive2 云盘挂载的硬件平台
+- [[Docker卷]] — Docker 容器持久化数据存储，默认路径 /var/lib/docker/volumes，是 TikTok 业务数据备份的核心对象
+- [[it-tools]] — 开源开发者工具集合 Web UI（corentinth/it-tools），提供 100+ 实用工具如 URL 编解码、UUID 生成、Cron 解析、哈希计算等，通过 Docker Compose 部署，端口 8999，内存限制 128MB
+- [[Navidrome]] — 开源音乐流媒体服务器，Subsonic API 兼容，支持网页端与移动客户端
+- [[Transmission]] — 开源 BT 下载客户端，Home Server 媒体中心核心组件，负责下载环节，与 Jellyfin/Navidrome 构成"下载→播放"工作流
+- [[LinuxServer.io]] — 开源 Docker 镜像维护组织，为 Transmission/Jellyfin/Navidrome 等自托管应用提供标准化 Docker 镜像
+- [[MariaDB]] — 开源关系型数据库，Synology NAS Docker 环境部署，支持内网（192.168.3.17:3307）和公网（mysql.ishenwei.online:63307）双通道访问
 - [[Claude Code]] — Anthropic CLI agent
 - [[OpenCode]] — Vibe Coding CLI agent
+- [[ISO-27001]] — 国际信息安全管理体系标准（云安全合规基础）
+- [[HIPAA]] — 美国医疗健康信息隐私法规
+- [[GDPR]] — 欧盟通用数据保护条例
+- [[Raj-Vardhan-Singh]] — LinkedIn 云计算文章作者
+- [[Agentic AI]] — 自主决策和任务执行能力的AI系统
+- [[Kubernetes]] — 容器编排平台（EKS/GKE/AKS）
+- [[Terraform]] — IaC 基础设施即代码工具
+- [[LaunchDarkly]] — Feature Flag 管理平台（HP、Christian Dior RTO 优化案例）
+- [[Veeam]] — 传统灾备工具（数据库备份、服务器镜像）
+- [[Acronis]] — 传统灾备工具（跨区域复制）
+- [[Docker]] — 容器化平台，所有监控组件（Prometheus / Grafana / node_exporter / cAdvisor / blackbox_exporter）的部署底座，通过 Docker Compose 实现一键启动
+- [[Prometheus]] — CNCF 毕业项目，开源时序数据库和监控告警系统，pull 模式采集 exporters 指标，支持 PromQL 查询和告警规则引擎，是家庭监控方案的核心数据引擎
+- [[Grafana]] — 开源可视化平台，支持多数据源（Prometheus / Loki / VictoriaMetrics）仪表盘和告警管理，家庭方案中通过 Dashboard ID（1860/14282/7587）快速导入官方模板
+- [[node_exporter]] — Prometheus 官方主机指标采集器，以 host network 模式运行，采集 CPU / 内存 / 磁盘 / 网络 / I/O 等系统指标
+- [[cAdvisor]] — Google 开源容器资源监控工具，挂载 Docker socket 采集容器级别资源指标，为 Prometheus 提供容器层可观测性
+- [[blackbox_exporter]] — Prometheus 官方黑盒探测 exporter，通过 HTTP/TCP/ICMP/DNS/TLS 探测实现服务可用性和证书到期监控
+- [[Alertmanager]] — Prometheus 告警分发组件，支持告警分组、抑制、静默及邮件/Slack/Teams/Webhook 多通道路由
+- [[Uptime Kuma]]（louislam/uptime-kuma）— 自托管 uptime monitoring 工具，支持 HTTP/TCP/DNS/TLS 合成监控，适合外网/内网可用性探测
+- [[Netdata]] — 开箱即用的实时主机/容器监控面板，默认端口 19999，适合快速诊断，与 Prometheus 可互补使用
+- [[VictoriaMetrics]] — Prometheus 时序数据库替代方案，支持长期存储和高效写入，适合大规模数据保留场景
+- [[Portainer]] — Docker 可视化管理工具，不替代 Prometheus 但便于运维快速操作容器
+- **[[BMC]]** — 企业IT管理解决方案提供商（BMC Helix / Control-M）
+- **[[AWS]]** — Amazon Web Services
+- **[[Azure]]** — Microsoft Azure
+- **[[Google-Cloud]]** — Google Cloud Platform
+- [[Btop++]] — TUI系统监控器，作者首选
+- [[Htop]] — 轻量级TUI进程监控器
+- [[Glances]] — 超轻量TUI监控器
+- [[Bottom]] — TUI实时图表监控器
+- [[Mission Center]] — 类Windows任务管理器的GUI应用
+- [[Stacer]] — 功能最全的GUI监控+维护工具
+- [[网件RAX50]] — NETGEAR WiFi 6路由器，支持刷入梅林固件
+- [[梅林固件]] — 华硕路由器第三方固件改良版，支持软件中心插件
+- [[MerlinClash插件]] — 基于Clash核心的梅林固件科学上网插件，支持策略组分流
+- [[机场]] — 提供代理节点订阅服务的服务商
+- [[3X-UI]] — Xray 可视化管理面板（mhsanaei/3x-ui），提供 Web UI 管理 25 项运维操作（启停、更新、SSL证书、Geo更新、BBR等），支持 VLESS+Reality 入站配置生成
+- [[Xray]] — 新一代代理核心，支持 VLESS/VMess/Trojan/SS 等多协议，内置 Reality 流量伪装方案，是 3X-UI 的底层引擎
+- [[frp]] — 开源内网穿透工具，包含 frps（服务端）和 frpc（客户端）两个组件，通过反向隧道使内网服务可被公网访问，支持 TCP/UDP/HTTP 等多种协议
+- [[Ubuntu Server]] — Ubuntu Server 是 Canonical 维护的 Linux 服务器操作系统，默认使用 systemd 作为初始化系统，Ubuntu Server 24.04 LTS 是当前长期支持版本
+- [[systemd]] — Linux 系统和服务管理器，Ubuntu Server 的默认初始化系统，通过 unit 文件（service/timer/socket）和 systemctl 命令管理服务生命周期，支持开机自启（enable）、自动重启（Restart=on-failure）、日志收集（journald）等生产级特性
+- [[Mac Mini M4]] — Apple Silicon Mac Mini，作为家庭服务器运行 FRP 客户端、N8n、OpenClaw 等服务，支持 ARM64 架构
+- [[Caddy]] — Go 语言编写的自动 HTTPS 反向代理服务器，默认启用 Let's Encrypt 证书，与 frp 配合提供内网服务的 HTTPS 访问
+- [[VPS]] — 公网虚拟专用服务器，本方案中托管 frps 和 Caddy，作为内网穿透的公网中转站（IP: 192.227.222.142）
+- [[阿里云 DNS]] — 域名 ishenwei.online 的 DNS 解析服务，通过 A 记录将子域名指向 VPS 公网 IP
+- [[Bandwagon VPS]] — 低总价 OpenVZ/KVM VPS 提供商，资料中 VPS2（104.194.92.188）托管了 3X-UI + Xray 服务
+- **[[CloudDrive2]]** — 云盘挂载工具，支持阿里云盘/Google Drive/OneDrive 等，通过虚拟文件系统将云端存储挂载为本地目录，Web UI 端口 19798
+- **[[矿神源]]** — Synology 社群第三方套件源（SPK 格式），提供 CloudDrive2 等官方未收录应用
+- **[[阿里云盘]]** — 阿里巴巴云盘服务，CloudDrive2 的主要挂载目标
+- [[AdsPower]] — 指纹浏览器产品，支持浏览器指纹隔离，免费版提供5个环境，是跨境服务注册的推荐工具
+- [[PingMe]] — 短信接码平台，支持美国区号码接收验证码，需下载App，最低充值2美元
+- [[WildCard]] — 虚拟信用卡服务，支持支付宝充值，解决国内用户跨境支付难题
+- [[Claude Pro]] — Anthropic Claude AI聊天工具的Pro订阅服务，月费20美元，需海外支付方式
+- [[v2rayN]] — Windows/Linux 代理客户端（支持 VLESS+Reality），配合 Bandwagon VPS 上的 Xray 服务使用
+- [[v2rayNG]] — Android 代理客户端，v2rayN 的移动版，功能一致
+- [[BBR]] — Google TCP 拥塞控制算法，3X-UI 提供一键启用，可提升跨境网络吞吐量
+- [[VPN Panel]] — Web 界面类代理管理工具的统称，3X-UI 属于此类，降低 Xray 服务端运维门槛
+- [[KoolCenter固件服务器]] — 提供梅林固件下载的服务器平台
+- **[[Clonezilla]]** — 开源磁盘镜像工具（再生龙），支持 savedisk/restoredisk 全盘镜像备份到 NAS
+- **[[Rufus]]** — 开源 U 盘启动盘制作工具，ISOHybrid 镜像写入模式选择（ISO 模式推荐）
+- **[[HP ZBook]]** — HP 工作站笔记本，支持 UEFI/F9 启动菜单，F10 进入 BIOS，作为 Ubuntu 24.04 安装目标机
+- **[[NodeWarden]]** — 将 Bitwarden 服务器端部署到 Cloudflare Workers 的开源实现，运行在边缘计算平台，无需 VPS 和服务器维护，数据存储在 Cloudflare D1 + R2，支持 Bitwarden 官方全平台客户端
+- **[[Cloudflare Workers]]** — Cloudflare 边缘计算平台，基于 V8 隔离的 Serverless 运行时，NodeWarden 的部署环境
+- **[[Cloudflare D1]]** — Cloudflare 边缘 SQLite 数据库，NodeWarden 的主数据存储（保管库/同步数据）
+- **[[Cloudflare R2]]** — Cloudflare S3 兼容对象存储，NodeWarden 用于存储密码附件
+
+### New Linux/DevOps Concepts (recently added)
+- **[[efibootmgr]]** — Linux NVRAM 启动项管理工具，可强制重写 BootOrder 解决 HP BIOS 固执行为
+- **[[ISOHybrid镜像]]** — 同时支持 BIOS 和 UEFI 引导的混合 ISO 镜像，Rufus 提供 ISO/DD 两种写入模式
+- **[[UEFI Only]]** — HP ZBook 终极启动修复方案，切换后消除 Legacy BBS 项干扰
+- **[[NVMe硬盘分区]]** — Ubuntu 24.04 自动识别并优化 NVMe 分区对齐

 ## Conflict Areas

@@ -61,3 +145,9 @@ Key concepts: [[Obsidian Tasks]], [[Dataview]], [[Event Sourcing]], [[Second Bra
 3. **Micro-Enterprise vs Portage Salarial**: Micro-enterprise yields higher net income but lacks social protections; Portage Salarial costs more but includes unemployment insurance, pension, mutuelle. Financial trade-off vs social safety net.

 4. **CI/CD Build Output**: SECURITY.md says build output is always closed; GitHub Actions best practice says certain generated files should be committed for reproducibility. Reproducibility vs cleanliness tension.
+
+5. **路由器科学上网 vs VPS科学上网 vs NAS科学上网**：三层方案各有适用场景。[[网件RAX50刷梅林固件与科学上网]] 路由网关方案（[[MerlinClash插件]]）→ 全屋透明代理，无需客户端配置；[[3X-UI Xray on BandwagonVPS]] VPS服务端方案（[[3X-UI]] + [[Xray]]）→ 集中式代理节点，可扩展；[[群晖NAS科学上网]] / [[ubuntu-server科学上网]] 终端代理方案 → 仅服务于特定设备。最佳实践：路由器作为主网关（[[MerlinClash插件]]），VPS作为代理节点池（订阅机制），NAS/服务器按需单独配置。
+
+6. **Prometheus 监控 vs OpenTelemetry**：Prometheus 生态成熟、部署简单，适合家庭服务器和小型集群；OpenTelemetry 是云原生可观测性新标准（metrics/traces/logs 三合一），长期可考虑迁移路径但学习成本高。[[家庭监控方案-prometheus-grafana-node-exporter-cadvisor-blackbox]] vs [[ctp-topic-67-cloud-native-observability-using-opentelemetry]]。
+
+7. **Netdata vs Prometheus**：Netdata 开箱即用适合实时短期诊断（默认 19999 端口），Prometheus + Grafana 适合长期存储和趋势分析。两者可互补使用：Netdata 做快速排查，Prometheus 做 SLA 报表和历史分析。