Black Magic Lab · OAT Cheatsheet
⌘K
Observatory · Automation · Reliability

Black Magic Lab Cheatsheet

Cheatsheets, calculators, architecture designer, regex builder, and a GUI wizard — all offline. Press ⌘K to fly anywhere.

⌘K
snippets
20architectures
12calculators
9themes

matches · filtered by

Browse by topic

Featured

Configuration management
Ansible — 16 deep snippets
Collections · ansible-lint · Molecule · EE · AWX/AAP · EDA rulebooks · Vault · real playbooks
Infrastructure as Code
Terraform 1.13 + OpenTofu
Modules, workspaces, state, Sentinel, drift detection, import blocks
Live diagram editor
Architecture Designer
20 reference templates · Mermaid + D2 · export PNG/SVG
New project? Start here
GUI Builder Wizard
Step-through: scope → infra → CI/CD → obs → security → docs. Outputs your runbook.
Linux + Windows + Cloud
Firewalls & Rules
UFW · iptables · nftables · firewalld · PowerShell NetSecurity · K8s NetworkPolicies
Production-grade
Docker & Kubernetes
BuildKit cache mounts · distroless · Cosign · NetworkPolicy · Helm · Operators · Istio Ambient

Power-user shortcuts

  • / or ⌘K — universal search palette
  • g then o/a/k/c/f/t/d/w/r/b — jump to section (o=Obs, a=Auto, k=K8s, c=Cloud, f=Firewall, t=Tools, d=Designer, w=Wizard)
  • t — cycle theme · ? — full shortcut overlay
  • Star any snippet to bookmark it (saved locally only)

Ansible — agentless config & EDA in one

Ansible runs idempotent playbooks over SSH/WinRM (no agents), plus Event-Driven Ansible (rulebooks) reacts to webhooks/Kafka/AWX events to auto-remediate. Use it for VM config, Day-2 ops, and incident actions; pair with Terraform (infra) and ArgoCD/Flux (K8s GitOps).

Jump to Ansible group → Official docs EDA rulebooks

Calculators & Decoders

Twelve interactive utilities — all run locally in your browser.

IPv4 CIDR

IPv6 CIDR

/64  ← single LAN (default)
/56  ← 256 LANs (typical site)
/48  ← 65 536 LANs (enterprise)
fc00::/7  ULA (private)
fe80::/10 link-local
ff00::/8  multicast

SLO / Error budget

Burn-rate alerting (MWMBR)

Google SRE Workbook §5 — multi-window multi-burn-rate.

Availability table

JWT decoder

Base64

URL & Hex

Cron expression

Regex Builder — guided generator

Tester (live)

YAML

JSON

ID generator

Hash

Timestamp

Color converter

Architecture Designer

Live Mermaid + D2 editor with 20 reference architectures. Edit the text on the left, see the diagram on the right. Export PNG/SVG. Each template has inline comments explaining its purpose and components.

Templates ()

GUI Builder Wizard

Step-through planning for any new infra / software / automation project. Walks you through the priority order architects use, then outputs a tailored checklist + recommended diagram + commands.

Quick Reference

CIDR table, ports, availability matrix — at-a-glance.

CIDR / Subnet table (IPv4)

Well-known ports

Availability table

Private / reserved IP ranges

RFC1918 private:    10.0.0.0/8     172.16.0.0/12     192.168.0.0/16
RFC6598 CGNAT:      100.64.0.0/10
RFC3927 link-local: 169.254.0.0/16
Loopback:           127.0.0.0/8
Multicast:          224.0.0.0/4
Reserved:           240.0.0.0/4

IPv6 link-local:    fe80::/10
IPv6 ULA:           fc00::/7
IPv6 multicast:     ff00::/8
IPv6 loopback:      ::1/128
IPv6 global unicast 2000::/3

Cloud subnet reserved IPs

AWS VPC subnet:  5 reserved per subnet (.0 network, .1 router, .2 DNS, .3 future, .last broadcast)
                 Subnet sizes: /16 (largest) → /28 (smallest, 11 usable hosts)
Azure VNet:      5 reserved per subnet (.0 .1 .2 .3 .last)
                 Special subnets must be named: GatewaySubnet, AzureFirewallSubnet, AzureBastionSubnet
GCP VPC:         No 5-reserved rule. 4 reserved: network (.0), gateway (.1), .2nd-to-last, broadcast (.last)
                 Subnets are regional. Primary + secondary IP ranges (alias IP).
K8s typical:     Pod CIDR  10.244.0.0/16  (262 142 IPs — sufficient for ~250 nodes × 256 pods)
                 Service CIDR 10.96.0.0/12 (1 048 574 IPs — typically /16 is fine: 10.96.0.0/16)

AI Assistant

Chat with any OpenAI-compatible LLM (Ollama, llama.cpp, vLLM, BML API). Ask about syntax, when/where to use a command, or to explain a snippet — answers are grounded in this cheatsheet via RAG.

not loaded 🔑 AUTH · unlimited
Local engine: downloads a GGUF model into browser cache and runs it on-device — no network after first load. Works on Android & iOS.
Remote engine — CORS: for Ollama, start it with OLLAMA_ORIGINS="*" ollama serve. For llama.cpp use --host 0.0.0.0 --port 8080. From phone: point endpoint at your host's LAN IP (e.g. http://192.168.0.107:11434/v1).
Enter send · Shift+Enter newline · grounded with top- snippets · guest tier · transcript not saved

Bookmarks

Your starred snippets — saved locally in this browser.

Keyboard shortcuts

Navigation

Open command paletteK · /
Homegh
Observabilitygo
Automationga
Docker / K8sgk
Cloud / Net / SREgc
Calculatorsgt
Designergd
Referencegr
Bookmarksgb

UI

Theme menut
This dialog?
Close any modalEsc