Systems Operators
Copy-paste command reference for kldloadOS operations.
No explanations. Just commands. For someone who already has kldload running and needs to get things done.
Build & Deploy
# Full rebuild from scratch
# The && chain stops at the first step that fails, so a failed clean or
# builder-image step never reaches the ISO build.
./deploy.sh clean && ./deploy.sh builder-image && PROFILE=desktop ./deploy.sh build
# Build ISO only (uses cached darksites)
# PROFILE is set for this one invocation only; it is not exported to the shell.
PROFILE=desktop ./deploy.sh build
# Deploy to KVM + Proxmox + print USB command
./deploy.sh deploy-all
# Full pipeline: build + deploy + burn + upload
./rebuild-all.sh
USB Operations
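# One-liner: download + burn + eject (replace /dev/sdX)
# -f makes curl exit non-zero on an HTTP error, so a server error page is
# never written to the stick. Check the image against its published .sha256
# (see "Verify checksum" below) before running dd. dd overwrites the whole
# target device, so confirm /dev/sdX with lsblk first.
curl -fL -o /tmp/kldload.iso https://dl.kldload.com/kldload-free-latest.iso && \
dd if=/tmp/kldload.iso of=/dev/sdX bs=4M status=progress oflag=sync conv=fsync && \
sync && eject /dev/sdX
# Burn local ISO
# The shell matches a glob against the whole word, so "if=kldload-free-*.iso"
# is passed to dd unexpanded. Resolve the file name first; if several ISOs
# match, the last name in sort order is used.
iso=$(printf '%s\n' kldload-free-*.iso | tail -n 1)
dd if="$iso" of=/dev/sdX bs=4M status=progress oflag=sync conv=fsync && sync
# Quick wipe USB (no zerofill — 2 seconds)
# Removes signatures and partition tables only; old data stays on the device.
wipefs -a /dev/sdX && sgdisk --zap-all /dev/sdX
# Verify checksum
# Run in the directory that holds kldload-free-latest.iso. A checksum fetched
# from the same server as the ISO detects corruption, not a replaced image.
sha256sum -c kldload-free-latest.iso.sha256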
KVM / libvirt
# Create a VM from the ISO
# NOTE: --graphics vnc,listen=0.0.0.0 binds the VM console to every host
# interface, and no VNC password is set here. Outside an isolated lab network,
# use listen=127.0.0.1 and reach it through an SSH tunnel, or add password=...
# to the --graphics option.
# NOTE: the --boot line requests UEFI firmware with the secure-boot feature
# disabled, so the guest boots without Secure Boot verification.
virt-install --name kldload-vm1 --ram 4096 --vcpus 4 \
--disk path=/var/lib/libvirt/images/kldload-vm1.qcow2,size=40,format=qcow2 \
--cdrom /var/lib/libvirt/images/kldload-free-latest.iso \
--os-variant centos-stream9 --network network=default \
--graphics vnc,listen=0.0.0.0 \
--boot uefi,firmware.feature0.enabled=no,firmware.feature0.name=secure-boot \
--noautoconsole
# Batch create 4 VMs
# Same VNC exposure and Secure Boot setting as the single-VM command, times four.
# ${i} is only ever 1..4 here, so the unquoted expansions are safe.
for i in 1 2 3 4; do
virt-install --name kldload-test${i} --ram 4096 --vcpus 4 \
--disk path=/var/lib/libvirt/images/kldload-test${i}.qcow2,size=40,format=qcow2 \
--cdrom /var/lib/libvirt/images/kldload-free-latest.iso \
--os-variant centos-stream9 --network network=default \
--graphics vnc,listen=0.0.0.0 \
--boot uefi,firmware.feature0.enabled=no,firmware.feature0.name=secure-boot \
--noautoconsole
done
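# List VMs + VNC ports
virsh list --all
# $(...) is left unquoted on purpose: word splitting drops the blank line
# virsh prints after the last name. "$vm" is quoted for the lookup itself so
# a domain name is always passed to virsh as a single argument.
for vm in $(virsh list --all --name); do
  echo "$vm → VNC $(virsh vncdisplay "$vm" 2>/dev/null)"
done
# Get VM IPs
virsh net-dhcp-leases default
# Get specific VM IP
virsh domifaddr kldload-vm1
# Console access
virsh console kldload-vm1 # serial (Ctrl+] to exit)
virsh vncdisplay kldload-vm1 # VNC port
# Lifecycle
virsh start kldload-vm1
virsh shutdown kldload-vm1 # graceful
virsh destroy kldload-vm1 # force stop
virsh reboot kldload-vm1
virsh autostart kldload-vm1 # start on host boot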
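# Destroy specific VM + disk
# --remove-all-storage deletes the disk images; there is no undo.
# destroy fails when the VM is already shut off, so it is not chained with &&:
# the undefine must still run in that case (same pattern as the loop below).
virsh destroy kldload-vm1 2>/dev/null
virsh undefine kldload-vm1 --nvram --remove-all-storage
# Destroy ALL VMs
# Acts on every domain libvirt knows on this host, not only kldload ones, and
# hides all errors. Review `virsh list --all` before running it.
for vm in $(virsh list --all --name); do
  virsh destroy "$vm" 2>/dev/null
  virsh undefine "$vm" --nvram --remove-all-storage 2>/dev/null
done
# CoW clone from golden image (instant, near-zero space)
# The clone keeps reading from golden.qcow2; do not modify or delete the
# backing file while clones exist.
qemu-img create -f qcow2 -b golden.qcow2 -F qcow2 clone-1.qcow2
# Resize VM disk
# shutdown only sends the request and returns at once; wait until the guest
# is really off before touching the image. If the guest never powers down,
# interrupt the loop and use `virsh destroy`.
virsh shutdown kldload-vm1
until [ "$(virsh domstate kldload-vm1)" = "shut off" ]; do sleep 2; done
qemu-img resize /var/lib/libvirt/images/kldload-vm1.qcow2 +20G
# Live migration to another host
# NOTE(review): presumably needs the disk reachable from both hosts — confirm.
virsh migrate --live kldload-vm1 qemu+ssh://other-host/system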
Proxmox
# Upload ISO + create VM
# Every command in this section logs in to the Proxmox host as root over SSH;
# the quoted string is run by the remote shell.
scp kldload-free-*.iso root@proxmox:/var/lib/vz/template/iso/
# Create VM (q35, host CPU, OVMF, TPM, virtio-scsi)
# The single quotes around 'ide2;scsi0' survive inside the double-quoted
# string, so the remote shell does not treat ";" as a command separator.
# "&& qm start 900" runs on the Proxmox host, and only if qm create succeeded.
# VM ID 900 is hard-coded in every command of this section.
ssh root@proxmox "qm create 900 --name kldload \
--machine q35 --cpu host --cores 4 --memory 4096 --balloon 0 \
--bios ovmf --efidisk0 local-zfs:1,efitype=4m \
--tpmstate0 local-zfs:1,version=v2.0 \
--scsi0 local-zfs:40,discard=on,iothread=1,ssd=1 \
--scsihw virtio-scsi-single \
--ide2 local:iso/kldload-free-latest.iso,media=cdrom \
--net0 virtio,bridge=vmbr0 \
--serial0 socket \
--boot order='ide2;scsi0' --ostype l26 \
&& qm start 900"
# Clone a VM on Proxmox
ssh root@proxmox "qm clone 900 901 --name kldload-clone --full"
# Start / stop / destroy
# destroy removes the VM together with its disks; check the ID before running it.
ssh root@proxmox "qm start 900"
ssh root@proxmox "qm stop 900"
ssh root@proxmox "qm destroy 900 --purge"
# Import qcow2 as disk
ssh root@proxmox "qm importdisk 900 /var/lib/vz/images/kldload.qcow2 local-zfs"
ZFS Operations
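# ── Snapshots ──
# Snapshot all datasets recursively
zfs snapshot -r rpool@$(date +%Y%m%d-%H%M%S)
# Snapshot a specific dataset
zfs snapshot rpool/srv/data@before-change
# List all snapshots (newest first)
zfs list -t snapshot -o name,used,creation -S creation
# Rollback
# Discards everything written to the dataset since the snapshot was taken.
zfs rollback rpool/srv/data@before-change
# Destroy a snapshot
zfs destroy rpool/srv/data@before-change
# Destroy all snapshots matching a pattern
# Run the first two stages alone to review the list before destroying, or
# preview with `zfs destroy -nv`. -r keeps xargs from calling zfs destroy with
# no argument when nothing matches.
zfs list -t snapshot -H -o name | grep "pattern" | xargs -r -n1 zfs destroy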
# ── Cloning ──
# Instant CoW clone
# The clone depends on the @clone-src snapshot until it is promoted.
zfs snapshot rpool/srv/prod@clone-src
zfs clone rpool/srv/prod@clone-src rpool/srv/staging
# Promote a clone to independent dataset
zfs promote rpool/srv/staging
# ── Replication ──
# Full send to remote
# receive -F rolls the target back to its latest snapshot before receiving,
# and with a -R stream it also destroys snapshots and datasets on the target
# that do not exist on the sender. Make sure tank/backup holds nothing else.
# The stream travels inside the SSH session, so it is encrypted in transit.
zfs snapshot -r rpool@replicate
zfs send -R rpool@replicate | ssh backup-server zfs receive -F tank/backup
# Incremental send
# rpool@snap1 must already exist on both sides.
zfs snapshot -r rpool@snap2
zfs send -R -i rpool@snap1 rpool@snap2 | ssh backup-server zfs receive -F tank/backup
# Compressed send
# The remote pipeline is quoted so that both zstd -d and zfs receive run on
# backup-server.
zfs send -R rpool@snap | zstd -3 | ssh backup-server "zstd -d | zfs receive -F tank/backup"
# Syncoid (automated — handles incrementals)
syncoid -r rpool backup-server:tank/backup
# ── Pool Operations ──
# Pool health
zpool status rpool
zpool list
# Scrub (verify all checksums)
zpool scrub rpool
# Pool I/O stats (live, 2 second interval)
zpool iostat rpool 2
# ARC cache stats
cat /proc/spl/kstat/zfs/arcstats | grep -E "^hits|^misses|^size"
# Set ARC max (4GB)
# 4294967296 = 4 * 1024^3 bytes. ">" replaces any existing zfs-arc.conf.
# NOTE(review): a modprobe option is presumably applied the next time the zfs
# module loads, not immediately — confirm.
echo "options zfs zfs_arc_max=4294967296" > /etc/modprobe.d/zfs-arc.conf
# ── Datasets ──
# Create dataset
zfs create -o mountpoint=/srv/myapp -o compression=lz4 rpool/srv/myapp
# Create with quota
zfs create -o mountpoint=/srv/db -o recordsize=8k -o quota=100G rpool/srv/db
# List all datasets
zfs list -o name,used,avail,compress,mountpoint
# Check compression ratio
zfs get compressratio rpool
# Change compression
zfs set compression=zstd rpool/srv/archive
# Destroy dataset
# Irreversible: the dataset and its data are removed.
zfs destroy rpool/srv/test
# ── Boot Environments ──
# Create boot environment
# As written, this takes a snapshot of the current root dataset.
zfs snapshot rpool/ROOT/default@before-upgrade
# List boot environments
zfs list -r rpool/ROOT -o name,used,mountpoint
# Set active boot environment
zpool set bootfs=rpool/ROOT/default rpool
# Rollback to previous BE
# Discards every change made to rpool/ROOT/default since the snapshot.
zfs rollback rpool/ROOT/default@before-upgrade
WireGuard
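# Generate keypair
# The subshell keeps umask 077 from leaking into the rest of the session.
# umask only applies to files that are created; if private.key already exists
# with a looser mode, fix it with chmod 600.
(umask 077 && wg genkey | tee /etc/wireguard/private.key | wg pubkey > /etc/wireguard/public.key)
# Generate pre-shared key (post-quantum protection)
# Needs its own umask: run in a fresh shell, the PSK file would otherwise be
# created with the default (usually world-readable) mode.
(umask 077 && wg genpsk > /etc/wireguard/psk.key)
# Start / stop / enable at boot
systemctl enable --now wg-quick@wg0
systemctl stop wg-quick@wg0
wg-quick up wg0
wg-quick down wg0
# Show all interfaces + handshakes
wg show
# Show transfer stats
wg show wg0 transfer
# Show latest handshakes
wg show wg0 latest-handshakes
# Add peer live (no restart)
# <pubkey> is a placeholder. Replace it with the quoted key; pasted as-is, the
# shell reads "<" and ">" as redirections.
wg set wg0 peer <pubkey> allowed-ips 10.200.0.5/32 endpoint 1.2.3.4:51820 persistent-keepalive 25
# Remove peer live
wg set wg0 peer <pubkey> remove
# Dump running config
# The output includes the interface private key; do not paste it into tickets
# or chat.
wg showconf wg0
# Save running config to file
# Overwrites wg0.conf with the wg(8) settings only; wg-quick keys such as
# Address, DNS or PostUp are not part of showconf output. The file holds the
# private key, hence the umask.
(umask 077 && wg showconf wg0 > /etc/wireguard/wg0.conf)
# Start 4 WireGuard planes (cluster mode)
for iface in wg0 wg1 wg2 wg3; do systemctl enable --now "wg-quick@${iface}"; done
# Check all planes
for iface in wg0 wg1 wg2 wg3; do echo "=== $iface ===" && wg show "$iface"; done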
Image Export
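# Export to specific format
kexport qcow2 # KVM / Proxmox / OpenStack
kexport raw # dd-ready / AWS import
kexport vhd # Azure / Hyper-V
kexport vmdk # VMware ESXi / vSphere
kexport ova # VMware / VirtualBox portable
kexport all # all five formats
# Export with custom name
KEXPORT_NAME=myserver kexport qcow2
# Upload raw to AWS as AMI
# An exported image carries whatever is on the disk (host keys, credentials),
# so keep the bucket private.
kexport raw
# Resolve the exported file name once: a glob inside the quoted
# --disk-containers string is never expanded, so S3Key must be the real object
# name. If several exports match, the last name in sort order is used.
raw=$(printf '%s\n' kldload-export-*.raw | tail -n 1)
aws s3 cp "$raw" s3://my-images/
aws ec2 import-image \
  --disk-containers "Format=RAW,UserBucket={S3Bucket=my-images,S3Key=${raw}}" \
  --boot-mode uefi
# Upload VHD to Azure
# Same rule as above: one resolved file name, and a private container.
kexport vhd
vhd=$(printf '%s\n' kldload-export-*.vhd | tail -n 1)
az storage blob upload --account-name myaccount --container images \
  --name kldload.vhd --type page --file "$vhd"
az image create --resource-group mygroup --name kldload \
  --os-type Linux --source https://myaccount.blob.core.windows.net/images/kldload.vhd
# Convert between formats manually
qemu-img convert -f qcow2 -O raw input.qcow2 output.raw
qemu-img convert -f raw -O vmdk -o subformat=streamOptimized input.raw output.vmdk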
Fleet Operations
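# Run command on multiple nodes
for ip in 10.200.0.{1..16}; do
  echo "=== $ip ==="
  ssh "admin@$ip" 'zpool status rpool | head -5' 2>&1
done
# Check pool health across fleet
# stderr is discarded, so a node that cannot be reached or queried is marked
# ERROR instead of showing up as an empty value.
for ip in 10.200.0.{1..16}; do
  health=$(ssh "admin@$ip" 'zpool list -H -o health rpool' 2>/dev/null) || health="ERROR"
  echo "$ip: $health"
done
# Patch a file on all nodes
# The install step runs only when the copy succeeded, so a failed transfer can
# never promote an older /tmp/bootstrap.sh left on the node. /tmp is
# world-writable; on shared nodes prefer a directory only admin can write to.
for ip in 10.200.0.{1..16}; do
  scp bootstrap.sh "admin@$ip:/tmp/" &&
    ssh "admin@$ip" "sudo cp /tmp/bootstrap.sh /usr/lib/kldload-installer/lib/bootstrap.sh" ||
    echo "patch failed on $ip" >&2
done
# Snapshot all nodes before upgrade
# $(date ...) sits inside double quotes, so it is expanded locally and every
# node gets the same snapshot suffix. The jobs run in parallel; wait collects
# them.
for ip in 10.200.0.{1..16}; do
  ssh "admin@$ip" "sudo zfs snapshot -r rpool@pre-upgrade-$(date +%Y%m%d)" &
done; wait
# Rolling upgrade
# Stops at the first node that fails, so a bad upgrade does not roll on through
# the rest of the fleet. rpool@pre-upgrade is a fixed name: the snapshot step
# (and with it the upgrade) fails on a node where it already exists.
for ip in 10.200.0.{1..16}; do
  echo "=== Upgrading $ip ==="
  if ! ssh "admin@$ip" "sudo zfs snapshot -r rpool@pre-upgrade && sudo kupgrade"; then
    echo "upgrade failed on $ip; stopping rollout" >&2
    break
  fi
  sleep 5
done
# Verify all nodes
for ip in 10.200.0.{1..16}; do
  echo "=== $ip ==="
  ssh "admin@$ip" 'hostname; zpool list -H -o health rpool; zfs list -H -o name | wc -l; uname -r'
done
# Copy SSH key to all nodes
# A first connection asks to accept the node's host key; compare the
# fingerprint with the node's real key rather than accepting it blindly.
for ip in 10.200.0.{1..16}; do
  ssh-copy-id "admin@$ip"
done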
kldloadOS Tools (Desktop & Server profiles)
# System health dashboard
kst
# Snapshot all key datasets
ksnap
# Snapshot specific path
ksnap /home
# List snapshots
ksnap list
# Rollback
ksnap rollback /home
# Boot environment management
kbe list
kbe create before-upgrade
kbe activate before-upgrade
kbe delete old-be
# Instant clone
kclone /srv/prod /srv/staging
# ZFS-aware disk usage
kdf
# Create ZFS dataset (instead of mkdir)
kdir /srv/myproject
kdir -o compression=zstd -o quota=50G /srv/archive
# Universal package manager (auto-detects apt/dnf, snapshots first)
kpkg install nginx
kpkg remove nginx
kpkg search redis
kpkg update
kpkg upgrade
kpkg list
kpkg info nginx
# Safe system upgrade (creates boot environment first)
kupgrade
# Disaster recovery (boot from kldload ISO)
# <snapshot> is a placeholder; pasted as-is, the shell reads "<" and ">" as
# redirections. Confirm that /dev/sda is the boot disk (lsblk) before
# reinstalling the bootloader.
krecovery import rpool
krecovery list-be
krecovery activate <snapshot>
krecovery chroot
krecovery reinstall-bootloader /dev/sda
krecovery export-logs /mnt/usb
eBPF / Observability
# These tracers need root. Their output contains command lines, file paths and
# connection endpoints from every process on the host, so treat captured
# output as sensitive.
# Trace every process launched
execsnoop
# Trace file opens
opensnoop
# TCP connections with PID
tcpconnect
# TCP sessions with duration + bytes
tcplife
# TCP retransmits (network problems)
tcpretrans
# Disk I/O latency histogram
biolatency
# Slow file operations (>10ms)
fileslower 10
# Per-process I/O
biotop
# Cache hit rate
cachestat
# CPU scheduler latency
runqlat
# ZFS slow operations (>1ms)
zfsslower 1
# Custom bpftrace: who is opening files?
# NOTE(review): older bpftrace releases spell the field access args->filename
# instead of args.filename — confirm against the installed version.
bpftrace -e 'tracepoint:syscalls:sys_enter_openat { printf("%s %s\n", comm, str(args.filename)); }'
# Count syscalls by process
bpftrace -e 'tracepoint:raw_syscalls:sys_enter { @[comm] = count(); }'
# Histogram of read sizes
bpftrace -e 'tracepoint:syscalls:sys_exit_read /args.ret > 0/ { @bytes = hist(args.ret); }'
# Packet count per WireGuard interface
bpftrace -e 'tracepoint:net:net_dev_xmit /str(args.name) == "wg0"/ { @packets = count(); }'
Networking
# Set static IP
# Re-activating the connection with a new address drops an SSH session that
# runs over it; use a console when changing a remote host.
nmcli connection modify "Wired connection 1" \
ipv4.method manual ipv4.addresses 10.100.10.50/24 \
ipv4.gateway 10.100.10.1 ipv4.dns "1.1.1.1"
nmcli connection up "Wired connection 1"
# Switch to DHCP
nmcli connection modify "Wired connection 1" ipv4.method auto
nmcli connection up "Wired connection 1"
# Create bridge for VMs
nmcli connection add type bridge ifname br0 con-name br0 \
ipv4.method manual ipv4.addresses 10.100.10.50/24 \
ipv4.gateway 10.100.10.1 ipv4.dns "1.1.1.1"
nmcli connection add type bridge-slave ifname eth0 master br0
nmcli connection up br0
# Firewall — open ports (CentOS/RHEL)
# The trusted zone accepts all traffic, so every WireGuard peer on wg0 can
# reach every service on this host. Use a narrower zone if peers should only
# see specific ports.
firewall-cmd --permanent --add-port=8080/tcp
firewall-cmd --permanent --add-port=51820/udp
firewall-cmd --permanent --zone=trusted --add-interface=wg0
firewall-cmd --reload
# Firewall — open ports (Debian)
# These rules go into the running ruleset only and assume that table
# "inet filter" with chain "input" already exists. "add" appends, so a rule
# placed after an earlier drop rule has no effect.
nft add rule inet filter input tcp dport 8080 accept
nft add rule inet filter input udp dport 51820 accept
# Enable IP forwarding
# sysctl -w applies it now; the file makes it persistent (">" replaces any
# existing 99-forwarding.conf). Forwarding turns the host into a router, so
# pair it with a forward-chain policy.
sysctl -w net.ipv4.ip_forward=1
echo "net.ipv4.ip_forward = 1" > /etc/sysctl.d/99-forwarding.conf
Unattended Install
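# Create answers file
# The file holds a plaintext password. It is removed and re-created under
# umask 077 so that it always ends up with mode 0600, even if an older copy
# with looser permissions was left in /tmp. Replace "changeme" before use and
# delete the file once the install has finished.
(umask 077 && rm -f /tmp/answers.env && cat > /tmp/answers.env << 'EOF'
KLDLOAD_DISTRO=debian
KLDLOAD_DISK=/dev/vda
KLDLOAD_HOSTNAME=my-server
KLDLOAD_USERNAME=admin
KLDLOAD_PASSWORD=changeme
KLDLOAD_PROFILE=server
KLDLOAD_NET_METHOD=dhcp
KLDLOAD_TIMEZONE=UTC
EOF
)
# Run unattended install
kldload-install-target --config /tmp/answers.env
# Core profile (ZFS only, no tools)
KLDLOAD_PROFILE=core kldload-install-target --config /tmp/answers.env
# Manual storage mode (drops to shell for custom pool layout)
KLDLOAD_STORAGE_MANUAL=1 kldload-install-target --config /tmp/answers.env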
R2 / Cloud Storage
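# Upload ISO to R2
# YOUR_ACCOUNT is a placeholder for the R2 account ID. The glob must match
# exactly one ISO.
aws s3 cp kldload-free-*.iso s3://kldload-releases/kldload-free-latest.iso \
  --endpoint-url https://YOUR_ACCOUNT.r2.cloudflarestorage.com --profile r2
# Upload checksum
# Writes "<hash>  kldload-free-latest.iso", the name users download, so that
# `sha256sum -c` finds the file. Only the hash column is taken from sha256sum:
# a path-based rewrite either leaves the versioned name in place or, when the
# path contains "/", cuts the hash off.
# A checksum served next to the ISO proves integrity only; anyone who can
# write to the bucket can replace both files.
sha256sum kldload-free-*.iso | awk '{print $1 "  kldload-free-latest.iso"}' > /tmp/latest.sha256
aws s3 cp /tmp/latest.sha256 s3://kldload-releases/kldload-free-latest.iso.sha256 \
  --endpoint-url https://YOUR_ACCOUNT.r2.cloudflarestorage.com --profile r2
# List bucket
aws s3 ls s3://kldload-releases/ \
  --endpoint-url https://YOUR_ACCOUNT.r2.cloudflarestorage.com --profile r2 --human-readable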
Website Deploy
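# Deploy website (git pull on hosting)
# public_html is a git checkout; make sure the web server does not serve its
# .git directory.
ssh -i ~/.ssh/kldload-deploy kldload.com@ssh.us.stackcp.com "cd ~/public_html && git pull"
# Check GitHub traffic
# The token is read from $GITHUB_TOKEN (example variable name) and handed to
# curl on stdin with -H @- (curl 7.55.0 or newer), so it does not appear in
# the process list or in the command saved to shell history. -f turns an HTTP
# error into a non-zero exit instead of feeding an error body to jq.
printf 'Authorization: token %s\n' "${GITHUB_TOKEN:?set GITHUB_TOKEN first}" |
  curl -fsS -H @- \
    "https://api.github.com/repos/kldload/kldload/traffic/clones" | jq '.count, .uniques'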
Full documentation with tutorials and walkthroughs:
github.com/kldload/kldload/docs →