lehnert-claude-skills

Generates production-ready bash scripts for any Linux task from a plain English description — backups, monitoring, deployment, cron jobs, health checks, database maintenance.

Audits Linux config files (nginx, Apache, sshd, systemd units, iptables, nftables, fail2ban, sudoers, sysctl, pg_hba.conf, my.cnf, redis.conf) for security issues, misconfigurations, and performance gaps.

Generates or optimizes docker-compose.yml for any self-hosted app or cloud replacement (Google Photos→Immich, Gmail→Mailcow, ChatGPT→Ollama) — full stacks with health checks, named volumes, and .env setup.

Generates a complete Linux server hardening plan with ready-to-apply scripts and configs covering SSH, firewall, fail2ban, sysctl, auditd, and user security.

Analyzes Linux log files (auth.log, syslog, nginx, Apache, journalctl, Docker, fail2ban) for errors, security threats, brute force attacks, crashes, and anomalies.

Sets up a complete monitoring stack (Prometheus, Grafana, Node Exporter, Loki, Alertmanager, Uptime Kuma, Netdata) for any Linux server, Docker host, or application.

Configures Linux networking — static IP, routing, VLANs, bonding, bridges, WireGuard, OpenVPN, iptables, nftables, firewalld, DNS, and network troubleshooting.

Designs and generates complete Linux backup solutions using restic, BorgBackup, rsync, or tar — with encryption, encryption key management, remote storage, retention policies, database backups, Docker volume backups, and restore procedures.

Creates, debugs, and hardens systemd service, timer, socket, path, and mount units — with sandboxing, resource limits, restart policies, and timer scheduling.

Generates production-ready cron jobs with /etc/cron.d/ entries and wrapper scripts featuring flock locking, logging, log rotation, and failure alerting.

Diagnoses and fixes SELinux denials — file context relabeling, boolean toggles, port labeling, and custom policy modules. Never suggests disabling SELinux.

Profiles a Linux system and generates tuned sysctl, CPU governor, I/O scheduler, and workload-specific configs for web, database, networking, HPC, or general workloads.

Generates vulnerability scan scripts for Linux servers, Docker containers, and web apps using Trivy (CVE), nmap (ports), testssl.sh (TLS), and Nikto (web) — for authorized security assessments only.

Manages this skill shop – lists all skills, recommends the right one for any task, and creates new skills on demand.

Analyzes software ideas for feasibility, target audience, core features, technical complexity, risks, and MVP scope – pure planning, no code generation.

Generates ready-to-copy Mermaid, PlantUML, and ASCII diagrams from any software description, idea, or sw-idea-analyzer output.

Generates a complete user story document with acceptance criteria and priorities from requirements/vision.md or any software description.

Generates a complete use case document with actors, flows, exceptions, and acceptance criteria from user-stories.md, vision.md, or any software description.

Recommends the best modern tech stack and generates requirements/tech-stack.yaml with Docker-first setup, Testcontainers, and full rationale.

Generates production-ready code for selected use cases (UC-01, US-03, all MVP) from tech-stack.yaml and use-cases.md — writes files directly into workspace root.

Scaffolds a complete project from tech-stack.yaml into the workspace root — root configs, source structure, database files, Docker, and UI foundation in one command.

Creates the source code skeleton (entry points, modules, controllers) from tech-stack.yaml.

Creates root-level project config files (package.json, tsconfig.json, pom.xml, .gitignore etc.) from tech-stack.yaml.

Creates database and ORM foundation files (Prisma schema, Flyway migration, SQLAlchemy setup) from tech-stack.yaml.

Creates Docker infrastructure files (docker-compose.yml, Dockerfiles, .dockerignore, Traefik config) from tech-stack.yaml.

Creates UI foundation files (Tailwind config, shadcn/ui setup, global styles, layout components) from tech-stack.yaml.