Martin Sukany
2026-02-27 15:48:23 +01:00
parent 58a2ccea2b
commit 5ab8ba813b
9 changed files with 186 additions and 15 deletions

File diff suppressed because one or more lines are too long


@@ -4,6 +4,8 @@ This file has been auto-generated by beorg and should (probably) not be manually
* Settings * Settings
#+begin_src scheme #+begin_src scheme
(set! beorg-customized-var-names '("sync-subfolders")) (set! beorg-customized-var-names '("sync-subfolders" "agenda-include-calendar" "agenda-exclude-files"))
(set! sync-subfolders #t) (set! sync-subfolders #t)
(set! agenda-include-calendar #f)
(set! agenda-exclude-files '("caldav/suky.org" "caldav/family.org" "caldav/klara.org"))
#+end_src #+end_src


@@ -4154,7 +4154,7 @@ Os 4603
:PROPERTIES: :PROPERTIES:
:ID: 036FB855-F48C-49E7-8442-EA3EEEEAE275 :ID: 036FB855-F48C-49E7-8442-EA3EEEEAE275
:END: :END:
<2026-02-28 Sat> <2026-04-11 Sat>
* Babička * Babička
:PROPERTIES: :PROPERTIES:
:ID: 0D837B3F-426F-42C1-8829-2EC268322626 :ID: 0D837B3F-426F-42C1-8829-2EC268322626
@@ -4195,3 +4195,8 @@ Os 4603
:ID: C36A2C82-D043-41DD-B709-9909F1DC17F5 :ID: C36A2C82-D043-41DD-B709-9909F1DC17F5
:END: :END:
<2026-12-31 Thu>--<2027-01-03 Sun> <2026-12-31 Thu>--<2027-01-03 Sun>
* La villa
:PROPERTIES:
:ID: 72240494-4406-4343-A786-47A5D9616AC9
:END:
<2026-03-11 Wed 17:00-18:00>


@@ -1 +1,20 @@
* INBOX * INBOX
* TODO MCP / A2A
[2026-02-25 Wed 22:49]
* TODO Model usage optimizace
[2026-02-25 Wed 23:31]
* TODO OpenClaw - switch to OpenAI
[2026-02-26 Thu 11:43]
* TODO Emacs agenda grouping issue - fix
[2026-02-26 Thu 11:43]
* TODO Gpt cancell
[2026-02-26 Thu 22:08]
* TODO Usb hub vzít z práce
[2026-02-27 Fri 07:48]
* TODO Claude v práci
[2026-02-27 Fri 08:30]


@@ -755,7 +755,7 @@
("77AED62D-7915-4CB5-8934-BEA491C3FB17" "4c478ac120cabe81131f470cd2b4b7b5" "62ef7d292d3fb75fcc395b86669b4f7c" 0 deleted-in-org) ("77AED62D-7915-4CB5-8934-BEA491C3FB17" "4c478ac120cabe81131f470cd2b4b7b5" "62ef7d292d3fb75fcc395b86669b4f7c" 0 deleted-in-org)
("DF421EC9-E51A-43DF-8BEB-F9320EEA88CD" "a560ee5ae32d55c707cbf994a4f502e2" "5c39782d8a504aa00057573ae22af1d3" 1 deleted-in-org) ("DF421EC9-E51A-43DF-8BEB-F9320EEA88CD" "a560ee5ae32d55c707cbf994a4f502e2" "5c39782d8a504aa00057573ae22af1d3" 1 deleted-in-org)
("62564FDE-C683-4ADC-B53C-3FF2C5536CDF" "b4faa6ddafc1aa5c1595fcbd0a8cb188" "c4c577f002d286cd9c4bdfd6eaa1c01e" 0 deleted-in-org) ("62564FDE-C683-4ADC-B53C-3FF2C5536CDF" "b4faa6ddafc1aa5c1595fcbd0a8cb188" "c4c577f002d286cd9c4bdfd6eaa1c01e" 0 deleted-in-org)
("036FB855-F48C-49E7-8442-EA3EEEEAE275" "0570a137cc4892378b35aeb3de6c4352" "454c37681d840681d7f28e6763f14c9e" 1 deleted-in-org) ("036FB855-F48C-49E7-8442-EA3EEEEAE275" "7046b214e400cb6f6d1387194de228e0" "85ca1adf0587eb06b99c37dcf7c9bf32" 2 synced)
("0D837B3F-426F-42C1-8829-2EC268322626" "b4d2d75246454be11b2497936906b190" "aa7afc7f2391efbfc2f88af466296dc9" 0 deleted-in-org) ("0D837B3F-426F-42C1-8829-2EC268322626" "b4d2d75246454be11b2497936906b190" "aa7afc7f2391efbfc2f88af466296dc9" 0 deleted-in-org)
("AA5E1641-1FBE-431A-A5F4-F47954B5635E" "e31f9b03597c1f382a01b0b5dd2aadc0" "6636cb5d52a5a15a7200bb210310ae7a" 0 deleted-in-org) ("AA5E1641-1FBE-431A-A5F4-F47954B5635E" "e31f9b03597c1f382a01b0b5dd2aadc0" "6636cb5d52a5a15a7200bb210310ae7a" 0 deleted-in-org)
("E6E7EC77-8434-4B33-BEB3-E30F68403249" "30463e437c4c569b3434aa629a35f4ff" "eaf964a1380c98661d2bd35181102634" 0 deleted-in-org) ("E6E7EC77-8434-4B33-BEB3-E30F68403249" "30463e437c4c569b3434aa629a35f4ff" "eaf964a1380c98661d2bd35181102634" 0 deleted-in-org)
@@ -763,6 +763,7 @@
("F53BC7B1-7C06-4853-8073-046087B01F2E" "e8a0dac3bc2c64a11217db1a66bef140" "8fe3e99b966d8ebf0d4b8c60e6dab6d9" 0 deleted-in-org) ("F53BC7B1-7C06-4853-8073-046087B01F2E" "e8a0dac3bc2c64a11217db1a66bef140" "8fe3e99b966d8ebf0d4b8c60e6dab6d9" 0 deleted-in-org)
("0F8991BC-4C4F-49ED-A28A-3C0DD88B4946" "3692b6466186e12c88b69e2b39362432" "6807ac3dd3e32544e8b6841ad19bcd58" 0 deleted-in-org) ("0F8991BC-4C4F-49ED-A28A-3C0DD88B4946" "3692b6466186e12c88b69e2b39362432" "6807ac3dd3e32544e8b6841ad19bcd58" 0 deleted-in-org)
("44687F49-6E16-43A2-9C6D-77A2FEDF9319" "18a193f2ff453f0e2e7cbd3ee2eab602" "279915d154b766526c2e7065f22fc6fb" 3 deleted-in-org) ("44687F49-6E16-43A2-9C6D-77A2FEDF9319" "18a193f2ff453f0e2e7cbd3ee2eab602" "279915d154b766526c2e7065f22fc6fb" 3 deleted-in-org)
("C36A2C82-D043-41DD-B709-9909F1DC17F5" "2de149bee81c9b6ef7d5c50055c76e29" "145edb5a57efcb78249a5ce92c5c19d3" 0 deleted-in-org))) ("C36A2C82-D043-41DD-B709-9909F1DC17F5" "2de149bee81c9b6ef7d5c50055c76e29" "145edb5a57efcb78249a5ce92c5c19d3" 0 deleted-in-org)
("72240494-4406-4343-A786-47A5D9616AC9" "bc77f995ec089e0a4d43d2b7ad87fdad" "5b8846a2c68660684b6cafcc30bdb0df" 0 synced)))
(setq org-caldav-previous-files 'nil) (setq org-caldav-previous-files 'nil)


@@ -23,7 +23,7 @@ CLOCK: [2026-02-13 Fri 18:29]--[2026-02-13 Fri 21:46] => 3:17
:END: :END:
[2026-02-07 so 14:30] [2026-02-07 so 14:30]
** TODO [#C] Pojistka na blbost - zaplatit ** TODO [#C] Pojistka na blbost - zaplatit
SCHEDULED: <2026-02-26 Thu> SCHEDULED: <2026-02-27 Fri>
:PROPERTIES: :PROPERTIES:
:END: :END:
[2026-02-07 so 14:34] [2026-02-07 so 14:34]
@@ -61,10 +61,11 @@ DEADLINE: <2026-03-15 Sun>
[2026-02-09 Mon 12:57] [2026-02-09 Mon 12:57]
[[file:~/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/personal.org::*Zaplatit internet v práci][Zaplatit internet v práci]] [[file:~/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/personal.org::*Zaplatit internet v práci][Zaplatit internet v práci]]
** TODO [#C] Mail processing ** TODO [#C] Mail processing
SCHEDULED: <2026-02-26 Thu ++2d> SCHEDULED: <2026-02-28 Sat ++2d>
:PROPERTIES: :PROPERTIES:
:LAST_REPEAT: [2026-02-24 Tue 17:27] :LAST_REPEAT: [2026-02-26 Thu 11:17]
:END: :END:
- State "DONE" from "TODO" [2026-02-26 Thu 11:17]
- State "DONE" from "TODO" [2026-02-24 Tue 17:27] - State "DONE" from "TODO" [2026-02-24 Tue 17:27]
- State "DONE" from "TODO" [2026-02-22 Sun 09:46] - State "DONE" from "TODO" [2026-02-22 Sun 09:46]
- State "DONE" from "TODO" [2026-02-20 Fri 12:41] - State "DONE" from "TODO" [2026-02-20 Fri 12:41]
@@ -80,7 +81,7 @@ CLOCK: [2026-02-12 čt 11:22]--[2026-02-12 čt 11:23] => 0:01
[2026-02-09 Mon 16:29] [2026-02-09 Mon 16:29]
** TODO [#B] Zlatnictví- prsten spravit ** TODO [#B] Zlatnictví- prsten spravit
SCHEDULED: <2026-02-26 Thu> SCHEDULED: <2026-02-27 Fri>
:PROPERTIES: :PROPERTIES:
:END: :END:
[2026-02-09 Mon 17:57] [2026-02-09 Mon 17:57]


@@ -0,0 +1,58 @@
:PROPERTIES:
:ID: b396f72b-8f82-427e-97e4-07bf5fa1a974
:END:
#+title: Zabbix - HC related decissions
#+include: ~/org/templates/document_article.org
* ADR-0001 - Zabbix Proxy Configuration - RemoteCommands (control 1045)
| *ID* | ADR-0001 |
| *Subject* | Zabbix Proxy Configuration - RemoteCommands (control 1045) |
| *Status* | Proposed |
| *Date* | 2026-02-26 |
** Problem statement
*** Settings recommended by Kyndryl
"SM1.1.4.1
The RemoteCommands parameter in <proxy_configuration_file> controls whether the Zabbix Proxy accepts remote commands from the Zabbix Server.
RULES:
RemoteCommands must be disabled unless explicitly required and approved for a documented business need.
Enabling remote commands significantly increases security risk and must be carefully controlled.
In <proxy_configuration_file>:
RemoteCommands=0 → disables remote commands.
If the parameter is absent, the default behavior also disables remote commands."
*** Agreed to setting
"In <proxy_configuration_file>:
RemoteCommands=0 → disables remote commands.
If the parameter is absent, the default behavior also disables remote commands."
*** HC Implementation details :notoc:
"Ensure RemoteCommands=0 or parameter omitted in zabbix_proxy.conf.
Audit all included config fragments for any RemoteCommands=1 and remove.
Restart Proxy and verify via logs that remote commands are disabled."
** Alternatives
| ID | Description | Pros | Cons |
|----+--------------------------------------------------------------------------------------------+-----------------------------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------------------------|
| 1 | Implement the Kyndryl proposed settings | Compliant with SM1.1.4.1; reduced attack surface; no additional approval needed | Breaks existing monitoring for items without native templates; requires migration effort to replace all remote command-based checks |
| 2 | Do not implement the Kyndryl proposed settings | No disruption to existing monitoring; maintains coverage for non-template items | Non-compliant without formal exception; increased security risk; requires approved exception document |
| 3 | Migrate non-template checks to UserParameters or system.run[], then disable RemoteCommands | Compliant after migration; preserves monitoring coverage; uses least-privilege approach | Migration effort and testing required; temporary risk window during transition; ongoing maintenance of UserParameter configs |
** Decision
Option 2 — Maintain EnableRemoteCommands=1 on Zabbix proxies and request a formal security exception to SM1.1.4.1 with documented business justification.
** Justification
Custom monitoring templates use =system.run[]= item keys on agents (configured via =AllowKey=system.run[*]=) for checks where no native Zabbix template exists. The number of affected custom templates is significant, and migration would not be limited to rewriting the templates themselves — it would also require reconfiguring AllowKey directives and deploying UserParameter definitions on every affected agent, followed by agent restarts across the entire monitored environment. These items are collected through Zabbix proxies, and action-based remote commands for automated remediation are also forwarded through proxies. Disabling =EnableRemoteCommands= on proxies would break both data collection and automated remediation workflows.
From a cost-effectiveness perspective, this is legacy infrastructure with an officially planned end-of-life at the end of 2026. Investing significant effort into a full migration of custom templates and agent reconfiguration for an environment that will be decommissioned within the year is not justified. The effort-to-benefit ratio strongly favors maintaining the current setup for the remaining operational period.
** Implications
All existing checks that rely on RemoteCommands must be inventoried and catalogued before migration begins. Each check needs to be converted to a UserParameter entry (or AllowKey directive in Zabbix Agent 2) deployed to the relevant hosts. Testing must confirm equivalent alerting behavior before RemoteCommands is disabled. Configuration management (Ansible/Puppet) must distribute the new UserParameter files consistently. A transition timeline with a defined cutover date should be agreed with Kyndryl.
A formal security exception request must be submitted to Kyndryl with documented business justification referencing this ADR. The exception must include a list of affected proxies and the scope of =system.run[]= usage. The exception should be time-bounded by the planned infrastructure end-of-life at end of 2026. =LogRemoteCommands=1= should be enabled on agents where not already active to provide an audit trail supporting the exception request.
** Derived requirements
- DR-001: Submit formal exception request to Kyndryl for SM1.1.4.1, referencing this ADR and the business need for =EnableRemoteCommands=1= on proxies.
- DR-002: Include the planned infrastructure end-of-life (end of 2026) as the exception expiration date.
- DR-003: Inventory all =system.run[]= items and document which custom templates depend on this mechanism.
- DR-004: Enable =LogRemoteCommands=1= on all Zabbix agents to maintain an audit trail of executed remote commands.
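Review bot: The first paragraph under Implications describes the migration path (inventory "before migration begins", conversion to UserParameter, a cutover date agreed with Kyndryl), which belongs to Option 3 and contradicts the Decision for Option 2; it should be removed or explicitly marked as the fallback plan if the exception is refused. The text also alternates between `RemoteCommands` (the control's wording) and `EnableRemoteCommands` (Decision, Justification, DR-001), so the ADR should state once which parameter in zabbix_proxy.conf the exception covers. The Justification treats `system.run[]` item collection, which it says is enabled on agents through `AllowKey`, and action-based remote commands as one dependency on the proxy setting; it is worth confirming which of the two actually requires it, because that determines the scope of the exception. As a compensating control for the exception period, consider a further derived requirement that replaces `AllowKey=system.run[*]` with an allow-list of the specific commands found by the DR-003 inventory.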


@@ -0,0 +1,85 @@
# #+TITLE: Document Title
#+AUTHOR: Martin Sukany
#+DATE: \today
#+LANGUAGE: en
#+OPTIONS: toc:2 num:t H:4 ^:nil tags:nil
# -- LaTeX class ---------------------------------------------------------------
#+LATEX_CLASS: article
#+LATEX_CLASS_OPTIONS: [a4paper,11pt]
# -- Encoding, typografie ------------------------------------------------------
#+LATEX_HEADER: \usepackage[czech]{babel}
#+LATEX_HEADER: \usepackage[T1]{fontenc}
#+LATEX_HEADER: \usepackage[utf8]{inputenc}
#+LATEX_HEADER: \usepackage{microtype}
#+LATEX_HEADER: \sloppy
# -- Font (Helvetica / sans-serif) ---------------------------------------------
#+LATEX_HEADER: \usepackage{helvet}
#+LATEX_HEADER: \renewcommand{\familydefault}{\sfdefault}
# -- Page geometry -------------------------------------------------------------
#+LATEX_HEADER: \usepackage[a4paper,margin=2.2cm]{geometry}
# -- Barvy (Kyndryl red accent, neutral tables) --------------------------------
#+LATEX_HEADER: \usepackage[table,x11names]{xcolor}
#+LATEX_HEADER: \definecolor{kyndrylRed}{RGB}{196,0,0}
#+LATEX_HEADER: \definecolor{linkcolor}{RGB}{196,0,0}
#+LATEX_HEADER: \definecolor{tableOdd}{RGB}{252,252,252}
#+LATEX_HEADER: \definecolor{tableEven}{RGB}{237,237,237}
# -- Hyperlinks ----------------------------------------------------------------
#+LATEX_HEADER: \usepackage{hyperref}
#+LATEX_HEADER: \hypersetup{colorlinks=true,linkcolor=linkcolor,urlcolor=linkcolor,citecolor=linkcolor,pdfencoding=auto,unicode=true}
#+LATEX_HEADER: \usepackage{xurl}
# -- Obrazky -------------------------------------------------------------------
#+LATEX_HEADER: \usepackage{graphicx}
# -- Tabulky -------------------------------------------------------------------
# ltablex = longtable + tabularx (dlouhe AND siroke tabulky)
#+LATEX_HEADER: \usepackage{array}
#+LATEX_HEADER: \usepackage{tabularx}
#+LATEX_HEADER: \usepackage{longtable}
#+LATEX_HEADER: \usepackage{ltablex}
#+LATEX_HEADER: \keepXColumns
#+LATEX_HEADER: \usepackage{booktabs}
#+LATEX_HEADER: \usepackage{colortbl}
#+LATEX_HEADER: \usepackage{etoolbox}
#+LATEX_HEADER: \usepackage{ragged2e}
# Stridave barvy radku -- vsechny typy tabulek
#+LATEX_HEADER: \AtBeginEnvironment{longtable}{\rowcolors{1}{tableOdd}{tableEven}}
#+LATEX_HEADER: \AtBeginEnvironment{tabularx}{\rowcolors{1}{tableOdd}{tableEven}}
#+LATEX_HEADER: \AtBeginEnvironment{tabular}{\rowcolors{1}{tableOdd}{tableEven}}
# Typy sloupcu: Y=wrap+levy, Z=wrap+stred, R=wrap+pravy
#+LATEX_HEADER: \newcolumntype{Y}{>{\RaggedRight\arraybackslash}X}
#+LATEX_HEADER: \newcolumntype{Z}{>{\Centering\arraybackslash}X}
#+LATEX_HEADER: \newcolumntype{R}{>{\RaggedLeft\arraybackslash}X}
# -- Header & footer -----------------------------------------------------------
#+LATEX_HEADER: \usepackage{fancyhdr}
#+LATEX_HEADER: \pagestyle{fancy}
#+LATEX_HEADER: \fancyhf{}
#+LATEX_HEADER: \lhead{\small\nouppercase{\leftmark}}
#+LATEX_HEADER: \rhead{\small\thepage}
#+LATEX_HEADER: \renewcommand{\headrulewidth}{0.4pt}
#+LATEX_HEADER: \renewcommand{\headrule}{\hbox to\headwidth{\color{kyndrylRed}\leaders\hrule height \headrulewidth\hfill}}
# -- Code bloky ----------------------------------------------------------------
#+LATEX_HEADER: \usepackage{listings}
#+LATEX_HEADER: \lstset{backgroundcolor=\color{yellow!20},basicstyle=\ttfamily\small,breaklines=true,frame=single}
# -- Titulni strana ------------------------------------------------------------
#+LATEX_HEADER: \usepackage{titling}
#+LATEX_HEADER: \renewcommand{\maketitle}{%
#+LATEX_HEADER: \begin{titlepage}\centering\vspace*{\fill}%
#+LATEX_HEADER: {\LARGE\bfseries\thetitle\par}\vspace{1em}%
#+LATEX_HEADER: {\large\theauthor\par}\vspace{2em}%
#+LATEX_HEADER: {\normalsize\itshape\thedate\par}\vspace{2em}%
#+LATEX_HEADER: \includegraphics[width=0.30\textwidth]{~/org/templates/logo.png}\par%
#+LATEX_HEADER: \vspace*{\fill}\end{titlepage}}
# ------------------------------------------------------------------------------
# Obsah dokumentu
# ------------------------------------------------------------------------------


@@ -26,7 +26,7 @@ SCHEDULED: <2026-05-19 Tue ++3m>
:END: :END:
[2026-02-16 Mon 15:34] [2026-02-16 Mon 15:34]
* TODO [#A] vycistit kavovar v praci * TODO [#A] vycistit kavovar v praci
SCHEDULED: <2026-02-26 Thu> SCHEDULED: <2026-03-02 Mon>
:PROPERTIES: :PROPERTIES:
:END: :END:
[2026-02-18 Wed 10:13] [2026-02-18 Wed 10:13]
@@ -36,7 +36,7 @@ SCHEDULED: <2026-02-26 Thu>
:END: :END:
[2026-02-19 Thu 11:52] [2026-02-19 Thu 11:52]
[[file:~/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/work.org::*Šablony dokumenty][Šablony dokumenty]] [[file:~/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/work.org::*Šablony dokumenty][Šablony dokumenty]]
* TODO Open CA - final certification request * TODO [#C] Open CA - final certification request
DEADLINE: <2026-03-07 so> DEADLINE: <2026-03-07 so>
:PROPERTIES: :PROPERTIES:
:END: :END:
@@ -46,7 +46,7 @@ Sync s Jirkou a Zabojnikem
SCHEDULED: <2026-02-24 Tue ++1d> SCHEDULED: <2026-02-24 Tue ++1d>
:PROPERTIES: :PROPERTIES:
:END: :END:
* TODO OpenShift - vyzkouset connectivity * TODO [#B] OpenShift - vyzkouset connectivity
SCHEDULED: <2026-02-26 Thu> SCHEDULED: <2026-02-26 Thu>
:PROPERTIES: :PROPERTIES:
:END: :END:
@@ -103,17 +103,17 @@ workdirs na testaku
/root/ocp-installation/ocp-installer/day-2G /root/ocp-installation/ocp-installer/day-2G
[2026-02-20 Fri 13:59] [2026-02-20 Fri 13:59]
* TODO RedHat pozice * TODO [#C] RedHat pozice
SCHEDULED: <2026-02-25 Wed> SCHEDULED: <2026-02-25 Wed>
:PROPERTIES: :PROPERTIES:
:END: :END:
[2026-02-21 Sat 20:35] [2026-02-21 Sat 20:35]
* TODO Pavel Grauer-feedback-Workday * TODO [#A] Pavel Grauer-feedback-Workday
DEADLINE: <2026-02-27 Fri> DEADLINE: <2026-02-27 Fri>
:PROPERTIES: :PROPERTIES:
:SOURCE: reMarkable :SOURCE: reMarkable
:SYNCED: 2026-02-22 23:30 :SYNCED: 2026-02-22 23:30
:END: :END:
* TODO Uklidit v org / roam * TODO [#A] Uklidit v org / roam
SCHEDULED: <2026-02-26 Thu> SCHEDULED: <2026-02-26 Thu>
[2026-02-25 Wed 12:54] [2026-02-25 Wed 12:54]