Start Here

How SysRef is organised: one foundations path, a parallel Ansible track, and everything else as reference.

SysRef is a reference with a recommended baseline walkthrough (the numbered 01–18 path). It is not one giant linear book. After foundations, you jump into tracks (Ansible, platform, identity, and so on) in whatever order your job needs.

How this site is organised

• Foundations (01–18) — a single pass through Linux, Git, GitLab, YAML, Ansible basics, Jinja, certs, FreeIPA, services, and workflow. Good for onboarding and for filling gaps.
• Ansible (parallel spine) — you finish YAML + Ansible foundations in the numbers, then use the practice path below for real playbooks, testing, and production patterns. That path is the main “learn by doing” line.
• Everything else — observability, backup, containers, Terraform, and dozens of deep dives. Treat these as an encyclopedia: open what you need, when you need it. The site map lists it all by section.

Foundations: the numbered path (01–18)

Read in order the first time through. Each page builds on earlier ideas.

1. Linux Command Cheat Sheet
   The foundation. Navigation, files, permissions, processes, networking, DNS, and package management — with explanations of what each command does and when to use it. Come back to this constantly.
2. SSH Keys and SSH Basics
   What SSH keys are, how to generate and use them, the ssh-agent, ~/.ssh/config, and common auth errors.
3. Git Basics
   What Git is and why it matters. Branching, committing, pushing, rebasing, and undoing changes safely.
4. GitLab Basics
   What GitLab adds on top of Git. Merge request workflow, pipelines, runners, and common problems.
5. YAML Basics
   What YAML is and why indentation matters. Read this before Ansible — it explains the data format Ansible uses everywhere.
6. Ansible Foundations
   What Ansible is, how automation works without agents, and how to write playbooks. Inventory, modules, handlers, idempotency, and lint.
7. Jinja2 Foundations
   Template language used by Ansible. Variable output, conditionals, loops, and filters. Used whenever you have a config template.
8. Certificate Basics
   What certificates are and why they matter. Private keys, CSRs, CAs, and essential openssl commands.
9. FreeIPA Core Basics
   Centralised identity management. Users, groups, hosts, Kerberos, HBAC, client enrolment.
10. Chrony Basics
    Time synchronisation. Why time matters more than it looks (Kerberos, certs, logs), config, and service checks.
11. Rsyslog Basics
    Local and remote log handling. Config, facilities, severities, forwarding.
12. Postfix Basics
    Mail transfer agent. What it does, key config, relay, queue management.
13. Dovecot Basics
    IMAP/POP3 server. Mailbox access and authentication.
14. Squid Basics
    Proxy server. What a proxy and a reverse proxy are, ACLs, service checks.
15. Nginx Basics
    Web server and reverse proxy. Server blocks, proxy setup, config testing.
16. Apache Basics
    Web server. VirtualHosts, config testing, apachectl tools.
17. Troubleshooting Workflow
    A repeatable step-by-step process for diagnosing almost any Linux service problem.
18. Glossary
    Key terms across all topics. Clear up confusion between similar-sounding concepts.

Ansible: practice path

After YAML and Ansible Foundations (and ideally Jinja2), use this as your main hands-on line. It parallels the 01–18 path; you do not have to read every page before the next track.

1. Quickstart (For Dummies) — zero to first playbook in minutes: install, inventory, ad-hoc, one playbook
2. Learn Ansible (Tutorial) — extended walkthrough with exercises (the deep tutorial)
3. Best Practices & Refactoring — structure, idempotency, and keeping playbooks maintainable
4. Roles in Practice — layout, defaults, vars, tasks, handlers, templates
5. Project Structure — real repo shape: inventories, group_vars, ansible.cfg
6. Variable Precedence — the full chain; “why is this value wrong?”
7. Testing — molecule, sanity checks, and safe change loops
8. Error Handling — block/rescue/always, failed_when, and robust tasks
9. Performance — strategy, forks, fact caching, and not melting prod
10. Inventory Patterns — groups, dynamic inventory, and patterns at scale
11. Custom Modules — when a module is worth writing
12. Deploy Flow — trace a change from group_vars to rendered config to a running service
13. Handlers & Templates in Practice — listen, flush_handlers, OS-aware templates
14. Tags — selective runs and CI patterns
15. Debugging — -vvv, --check / --diff, the debug module, common errors
16. Cheatsheet — one dense page: CLI, modules, Jinja, vault, tags
17. CI for Ansible — running Ansible in pipelines (pairs with GitLab CI/CD)
18. Ansible Collection — Typical Linux Stack — production collection layout: argument specs, FQCN, tags, roles for Chrony, Rsyslog, Postfix, Dovecot, Squid

Beyond foundations

Not a second numbered list. Pick a topic when you need it: Containers 101, Podman, or Docker Compose; Kubernetes (light intro); Observability overview with OpenTelemetry Traces, Loki for logs, and SLOs & on-call; Backup & restore, Borg & Borgmatic (file-level deduplicated archives), and Postgres backup (including pgbackrest patterns). For everything else, use the site map or Ctrl+K / Cmd+K / / to search.

Reference and deep dives

Same material as the sidebar, grouped for bookmarking. Config Literacy is intentionally a pair of long-form config files (Nginx and Postfix) as models; other services are covered in intro + “services deep dive” pages. File sharing is SMB / Samba–first on this site; NFS is not a first-class track here.

Ansible Collection — Typical Linux Stack
(Also listed as the last step in the Ansible path above.) A production-ready collection: argument specs, FQCN, tags, assertions, flush_handlers.

Ansible (full list, same as nav)

If you use the practice path you already have the order. This list matches nav for quick scanning:

• Quickstart · Learn Ansible (Tutorial) · Best practices
• Roles · Structure · Variables · Debugging
• Testing · Error handling · Performance · Inventory · Custom modules
• Deploy flow · Handlers & templates · Tags · Cheatsheet · CI for Ansible · Collection

GitLab & CI

1. CI/CD Pipelines — .gitlab-ci.yml, running Ansible in CI, SSH keys, vault, reading failed jobs
2. Merge Requests — creating MRs, reviewing infra diffs, approvals, responding to comments
3. Git for Infra — branch conventions, finding what to change, clean commits, hotfixes

Platform

1. SELinux — modes, contexts, reading denials, booleans, file context fixes
2. firewalld — zones, services, ports, rich rules, runtime vs permanent
3. systemd & journalctl — unit file anatomy, writing services, overrides, reading logs
4. Linux Networking — ip, routes, DNS, ss, nc, tcpdump, nmcli, troubleshoot checklist
5. LVM — physical volumes, volume groups, logical volumes, online extend, snapshots, thin provisioning, and LVM RAID

Identity & Auth

1. SSSD & Auth Flow — PAM, NSS, SSSD, cache, and login failure diagnosis
2. Kerberos — tickets, TGTs, kinit/klist, keytabs, clock requirements, errors
3. FreeIPA HBAC & Sudo — access rules, hbactest, and centrally managed sudo

Config Literacy

1. Nginx Config File — every directive and context explained with an annotated full config
2. Postfix Config File — main.cf directives, relay, TLS, SASL, maps, queue management

File Sharing

• Samba / SMB — smb.conf from scratch, share types, Linux permissions, Samba users, SELinux labels, firewalld, mounting from clients, and an Ansible role pattern

Linux Tools

• Bash Scripting — variables, loops, functions, set -euo pipefail, error handling, temp files, lock files, and flag parsing
• cron & systemd Timers — crontab syntax, @reboot, /etc/cron.d/, systemd timer units, OnCalendar, and Ansible
• rsync — -avz, trailing slash rule, SSH transport, --delete, excludes, dry run, and backup patterns
• User & Group Mgmt — useradd/usermod, groupadd, passwd, chage, visudo, /etc/sudoers.d/, service accounts
• lsof & strace — find what's listening on a port, trace open files, diagnose syscall-level failures
• Wireshark & tshark — capture vs display filters, reading pcaps, follow TCP streams, export objects, and TLS/HTTP debugging workflows
• NMAP — host discovery, port scan types, service detection, NSE scripts, and reading open/filtered/closed results (stay inside scope)

Guides

1. Infra Change Lifecycle — end-to-end: understand → branch → lint → dry-run → MR → CI → review → deploy → verify
2. Service Troubleshooting — concrete diagnosis steps for nginx, postfix, SSH, NTP, auth, DNS, SELinux, disk full

How to use this site

Every page has a table of contents and anchor links so you can jump to the section you need. Code blocks have copy buttons. The sidebar is accessible on every page.