hardware network technology tplink vlan linux saltstack server windows bash certificate debian openssl openvpn security ssl vpn web rfc rfc3850 apple ipod work backup iscsi backuppc automation luks cryptsetup git icinga monitoring nginx jekyll wordpress gitea webhook apt packages development docker singularity video laptop thinkpad lenovo graphics firefox containers active-directory osx google-authenticator sudo internet plusnet pppoe vigor javascript react react_native testing jest time_machine dell xps-13-9370 dvd broadband eap225 plex sky tplink_omada rawlplugs diy gpg playstation ps3 usb ppp bonding lacp nas netgear powershell scripting ssh microsoft teams hp hpe ilo kvm red-hat virtualisation vmware kickstart preseed munin python dns dnsmasq centos kerberos devops apc bx1400ui nut readynas rn214 ups code-rack dehydrated lets-encrypt mythic-beasts github github_actions linting slurm ansible azure azure_devops vnc ldap life musing non-technical random raspberry-pi troubleshooting firewall iptables virgin hpc excel cloud docker-registry environment-modules lmod modules ubuntu easybuild vs-code nextcloud terraform systemd storage television email opendkim postfix rfc6376 ntp puppet django vim air-gapped catalyst cisco dhcp home-lab m72e proxmox mirrors ceph high-availability chrony systemd-timesyncd activation disaster-recovery bios power uefi updates ap7920 console minicom pdu serial proxy qr-code blog faults debmirror gentoo portage reposync rocky rpm pip freeradius radius ipxe isc-dhcp-server pxe virtualbox find fail2ban dban audio cover-art flac gimp images imagemagick jpeg nw-a45 sony tagging macos pypi abcde cd-ripping cddb music 2fa authenticator bastion caring dia efi firewalld grub intel-rst keepass logitech tpm windows-10 windows-11 awesomewm desktop lua timezone dictionary symlinks wordlist gitlab arm hashicorp jinja vault amavis databases postgresql uwsgi apt-mirror cron hcl json rfc8555 tcpdump yaml chocolatey intel-nuc microsoft-office oki-mc363-dn registry btrfs lvm raid apache icingaweb lighttpd php php-fpm accessibility dog-friendly dogs eating-out food pub restaurant review privacy software hp-elitedesk-800-g2 xrandr social-media twitter firmware hyper-v zenity secure-boot lsb podman scientific-linux nagios draytek fttc vdsl vigor-130 ncsc system-administration bind chef kubernetes online-courses suse training internet-of-things solar solis hp-elitedesk-800-g4 glow-green cis-benchmark cfengine networking dropbear initramfs rfc2131 standards-compliance pam dt92e evohome hr92 honeywell rants youtube dnssec privoxy squid kea hosts nftables cephfs fedora cifs dot-files ansible-galaxy gpl revision-control bsd jump-host openbsd adhd disability health neurodiversity neurotypical ocd ptsd school dates adhd-australia adhd-uk icinga2

Hardware

Network

Technology

Tplink

Vlan

Linux

Saltstack

Server

Windows

Bash

Certificate

Debian

Openssl

Openvpn

Security

Ssl

Vpn

Web

  • 20 Apr 2023 Deploying custom CA certificates on Linux from Windows share

    This post is about deploying custom certificate authority (CA) certificates onto Linux hosts, from an anonymous Windows share, then deploying them to be used by web-browsers (which seem to use their own CA stores these days). There are two scripts, one for each of these tasks, as installing to the system store usually requires super-user (i.e. root) access but installing to the browser stores is per-user (and should not be done using the super-user account).

  • 03 Feb 2022 Generating Django secret keys with Python 3.6

    This is a quick post - starting with Python 3.6, a secrets module is included “for generating cryptographically strong random numbers suitable for managing data such as passwords, account authentication, security tokens, and related secrets”. This means we can generate good values for Django’s SECRET_KEY setting on any system with Python installed:

  • 05 Dec 2021 Azure RBAC and TerraForm

    My next challenge in my TerraForm journey is to assign some RBAC roles (some custom) to users on specific resources.

  • 03 Dec 2021 TerraForm and Azure NFS-enabled Blob Storage

    Continuing my journey of TerraForm with Microsoft’s Azure cloud, I needed to create some blob storage with NFS enabled (which currently has to be done at the storage account level and can only be turned on or off at account creation time).

  • 25 Nov 2021 Splitting up TerraForm configuration with a module

    Continuing from my last TerraForm post, I have split my TerraForm configuration into a number of files. I am now taking this one step further and creating a module that I can use to deploy a number of identical (or near-identical) resources following a pattern.

  • 30 Sep 2021 docker-compose with systemd

    This post is about launching a Docker Compose orchestrated collection of containers as a system service using systemd. I provisioned a VM running Docker (it’s a loooong story but short version: Azure Kubernetes and Azure container services cannot be deployed without public IP addresses, which goes against some of our secure-by-design decisions) using Terraform and Ansible to deploy and configure it. The service it is running is a web application made up of two Docker containers and I have written a Docker Compose file that builds and runs the infrastructure.

  • 29 Sep 2021 TerraForm, cloud-init and Ansible

    As I mentioned at the end of yesterday’s TerraForm post, one of the two outstanding tasks with my test setup is to kick-off an initial configuration of the VM.

  • 28 Sep 2021 TerraForm VM management

    Following on from my last TerraForm post, my next task is to deploy a VM with the tool. This is more complex than it sounds, as a ‘VM’ requires a number of components (network interface, disk) in addition to the VM as well as me wanting to configure it to do some initial boot-strapping on first start.

  • 24 Sep 2021 TerraForm part 2

    Following on from my first steps with TerraForm post, this post covers the next steps. This includes external state storage and splitting up the terraform configuration.

  • 23 Sep 2021 Getting started with TerraForm

    These notes document my first steps in using TerraForm to manage Azure infrastructure. This first post is how I brought some existing resources under TerraForm’s management.

  • 25 Aug 2021 Checking NextCloud version

    One of my current issues is that I do not notice my NextCloud install requires updating until it is no longer supported and the clients stops working with it. I already have icinga setup as my monitoring solution, so it has been on my to-do list for a while to create a plugin to check the version of my server against the latest release.

  • 08 Aug 2019 HTML linter

    Trying to debug a missing close paragraph tag somewhere in a 300 line web page, I came across Tidy which helped with it's -e flag to report errors and warnings.

  • 03 Jan 2019 Icinga2

    These notes are a bit rough because they have been copied more-or-less directly from my old wiki that was just for my own consumption. They are from when I finally set-up icinga at home. Note that the configuration has moved on substantially since these notes were written, however as it is in a git repository I have not made any more notes or blog posts about it, to date.

  • 13 Nov 2015 OpenSSL certificates in a nutshell

    These notes are a little rough-and-ready, copied more or less directly from my old wiki which was only intended for my consumption.

Rfc

Rfc3850

Apple

Ipod

Work

Backup

Iscsi

  • 12 Feb 2023 Moving backup data off NAS

    Following on from my NAS disaster recovery post, I decided to fork out for some new hard disks and move the volume I backup to from the NAS to being internal to the server doing the backups. I had been considering this for performance reasons but as the NAS is also backed up, it would have aided recovery to not have to fetch the off-site backups. The flip-side of this option is that it means if the server fails I lose access to the backups - so either way I have a single point of failure.

  • 31 Jan 2023 ReadyNas disaster recovery

    Last night my ReadyNas suddenly went read-only with the ominous sounding log message Jan 30, 2023 16:54:47 Volume: The volume data encountered an error and was made read-only. It is recommended to backup your data. - it looks like it ran out of RAM which ultimately caused BTRFS corruption. Despite 3 hours of attempting to recover, I was unable to repair the underlying BTRFS filesystem, so decided the only option was to reset the NAS (which would recreate the filesystem) and execute the disaster recovery (DR) plan.

  • 08 Jun 2020 Migrate BackupPC to VM

    Now that I have deploying VMs sorted I am migrating the first service from my router onto a new VM, my BackupPC server. This should be relatively straight forward as the server set-up is managed in SaltStack and the data resides on an iSCSI volume from my NAS, do configuration and “transfer” should be simple. Should be.

  • 16 Dec 2018 Backups with at-rest encryption, BackupPC, iSCSI and offsite DR backup

    For many, many years (at least since 2008) I’ve been using BackupPC to provide backups of my machines, at home and in the cloud. I recently replaces my NAS with one that has a larger capacity (as part of a project to turn my DVD collection into something more convenient to browse and watch) and that NAS has iSCSI support so I moved my backup solution from a USB attached disk to an iSCSI target and introduced off-site replication of the backup pool for DR purposes.

Backuppc

Automation

Luks

  • 27 May 2024 ProvmoxVE USB passthrough and LUKS unlocking

    This post started as an attempt to use a USB drive to unlock LUKS encrypted LVM containing, amongst others, the root filesystem. My idea was to be able to use a USB key to unlock the disks of my Proxmox Virtual Environment cluster, falling back to passphrase if the key was missing. This proved to be more complicated than anticipated, although solvable through the use of a custom script I worried about the fragility of this so I abandoned the idea.

  • 22 Aug 2023 Automated Debian install

    This is another of those posts that I started and some time (measured in months) later I split up due to not having completed what I set out to do. My overall goal is to have a fully automated install that results in a system with disk encryption setup up but can be remotely unlocked and managed. The intention is that, in most circumstances, any of my systems could be reinstalled headlessly (that is, without plugging in a keyboard or monitor).

  • 29 Jun 2022 Adding off-site backup disk to rotation

    In my original post on setting up my off-site backup, my notes on setting up the off-site disks are a bit sparse. With my home-lab now in the mix, I have decided to add another removable disk to the backup rotation so one can be attached to the lab in order to do restores from the live environment’s backups to refresh the lab’s state from live and test bare-metal disaster recovery in the lab. I originally had 2 disks, so one was always “off-site” even during updates to the other - now I will have at least 1 (usually 2) “off-site”, 1 in the lab and up-to 1 (usually 0) being updated. I will keep the newest and oldest off-site and the one in between will be in the lab, rotating them after each time the oldest is refreshed to become the new newest copy.

  • 16 Dec 2018 Backups with at-rest encryption, BackupPC, iSCSI and offsite DR backup

    For many, many years (at least since 2008) I’ve been using BackupPC to provide backups of my machines, at home and in the cloud. I recently replaces my NAS with one that has a larger capacity (as part of a project to turn my DVD collection into something more convenient to browse and watch) and that NAS has iSCSI support so I moved my backup solution from a USB attached disk to an iSCSI target and introduced off-site replication of the backup pool for DR purposes.

Cryptsetup

  • 12 Feb 2023 Moving backup data off NAS

    Following on from my NAS disaster recovery post, I decided to fork out for some new hard disks and move the volume I backup to from the NAS to being internal to the server doing the backups. I had been considering this for performance reasons but as the NAS is also backed up, it would have aided recovery to not have to fetch the off-site backups. The flip-side of this option is that it means if the server fails I lose access to the backups - so either way I have a single point of failure.

  • 31 Jan 2023 ReadyNas disaster recovery

    Last night my ReadyNas suddenly went read-only with the ominous sounding log message Jan 30, 2023 16:54:47 Volume: The volume data encountered an error and was made read-only. It is recommended to backup your data. - it looks like it ran out of RAM which ultimately caused BTRFS corruption. Despite 3 hours of attempting to recover, I was unable to repair the underlying BTRFS filesystem, so decided the only option was to reset the NAS (which would recreate the filesystem) and execute the disaster recovery (DR) plan.

  • 29 Jul 2022 Backing up large static files

    In addition to my computer backups I have a large cache of static files on my NAS. Some of these files are very large, the files never change, are relatively rarely added to and are all retrievable from elsewhere (either by re-downloading from the internet or re-copying from a physical disk). Backing them up is more a convenience to avoid recreating the cache from scratch, rather than it being a catastrophe if they were lost, so I chose to create a single off-site copy on some external disks (3 of them, to accommodate all of the files at a sensible size/price point for the external drives) with rsync. This is rather than backing them up by adding more storage to the NAS to increase the size of the local backup volume to accommodate them, which would in turn necessitate buying larger off-site disks.

  • 29 Jun 2022 Adding off-site backup disk to rotation

    In my original post on setting up my off-site backup, my notes on setting up the off-site disks are a bit sparse. With my home-lab now in the mix, I have decided to add another removable disk to the backup rotation so one can be attached to the lab in order to do restores from the live environment’s backups to refresh the lab’s state from live and test bare-metal disaster recovery in the lab. I originally had 2 disks, so one was always “off-site” even during updates to the other - now I will have at least 1 (usually 2) “off-site”, 1 in the lab and up-to 1 (usually 0) being updated. I will keep the newest and oldest off-site and the one in between will be in the lab, rotating them after each time the oldest is refreshed to become the new newest copy.

  • 16 Dec 2018 Backups with at-rest encryption, BackupPC, iSCSI and offsite DR backup

    For many, many years (at least since 2008) I’ve been using BackupPC to provide backups of my machines, at home and in the cloud. I recently replaces my NAS with one that has a larger capacity (as part of a project to turn my DVD collection into something more convenient to browse and watch) and that NAS has iSCSI support so I moved my backup solution from a USB attached disk to an iSCSI target and introduced off-site replication of the backup pool for DR purposes.

Git

Icinga

Monitoring

Nginx

  • 27 Jun 2024 Accessing GitHub through a proxy

    When I clustered my HashiCorp Vault, I found that the cron-wrapper scrip that I have on GitHub would not download despite me adding it as a proxied URL to my proxy. This seemed to be due to the response exceeding the proxy buffer size.

  • 04 Apr 2024 Mirror proxy for limited access networks

    In my new network design, I crate a new VLAN that, for security, I did not want to provide a default route to, or routed access to anything outside my network. However the new VM hosts within still need to be able to get their packages and updates. So, I want to provide limited internet access via a very restrictive “whitelist” proxy with strict rules on what can be accessed (initially just deb.debian.org). I may even make this an authenticating proxy, in the future.

  • 22 Aug 2023 Automated Debian install

    This is another of those posts that I started and some time (measured in months) later I split up due to not having completed what I set out to do. My overall goal is to have a fully automated install that results in a system with disk encryption setup up but can be remotely unlocked and managed. The intention is that, in most circumstances, any of my systems could be reinstalled headlessly (that is, without plugging in a keyboard or monitor).

  • 12 Mar 2023 Adding a bastion host - finishing monitoring migration to Ansible

    About a month and half after setting up a proper secrets store with HashiCorp Vault I am able to pick up, crossing off a number of roles migrated from SaltStack in the process. This is with no secrets stored in the code, unlike my Salt configuration which had secrets in the pillar data. With the infrastructure setup and linked to Ansible, I am able to continue with finishing this migration task.

  • 03 Jan 2019 Icinga2

    These notes are a bit rough because they have been copied more-or-less directly from my old wiki that was just for my own consumption. They are from when I finally set-up icinga at home. Note that the configuration has moved on substantially since these notes were written, however as it is in a git repository I have not made any more notes or blog posts about it, to date.

Jekyll

Wordpress

Gitea

Webhook

Apt

  • 20 Oct 2022 iPXE remote image fetching

    I mentioned in my targeted PXE booting post that I might migrate from maintaining copies of the kernel and initial ramdisks on the tftp server to asking iPXE to fetch them directly. This has been brought to the fore after I updated the mirror in my home lab environment and the installer no longer starts due to not being able to load its kernel modules. When I fetched the image from the mirror and compared its checksum to the one in my configuration management system I saw it had changed.

  • 19 Oct 2022 Freeing disk space

    This post could be subtitled “down the rabbit hole”. I needed to reboot my router (kernel update) and, when I set about doing so, found that a backup job was still running 4 hours after it had started. Looking into why this was the case, I found the backups were taking on average 5 hours. Looking at the size of the backup it seemed a little on the large size for what the box does so I set about seeing whether this could be reduced which led to find some missing configurations…

  • 06 Jul 2022 Improving mirror sync

    The number of things being mirrored since I initially setup my mirrors in the home-lab network has grown and the current bash script has become a bit cumbersome to maintain. This post describes the process of replacing the current script and then extending it to mirror more things, including Gentoo and Git repositories - something that took nearly 4 weeks (bearing in mind this is a hobby-project, fitting it in around work and home life). Strap in, this is going to be a long post….

  • 25 Jun 2022 Time in an air-gapped lab network (and centralised time-syncing in an internet connected one)

    In order to get time-syncronisation, to solve the annoyance of my TOTP based 2nd factor for sudo not working, I bought a cheap USB GPS dongle that uses the VK-172 chipset.

  • 17 Jun 2021 Installing Debian on Raspberry PI 4

    I have been planning to migrate my monitoring to my Raspberry PI 4, from its current location on a VM which is fine unless there is a fault with the VM or the host but this has happened (today in fact). It monitors these hosts and it is helpful to know what is going on if there is a problem. My intention is to also shutdown the VM host in the event of a power outage (to extend UPS battery runtime) and it would be nice for monitoring to continue during the outage.

  • 10 Jan 2021 UPS monitoring and auto shut-down with NUT

    Last night we had a power-cut that lasted approximately 20 minutes, about 5 minutes into which I started my usual routine of manually shutting down systems to shed load (and hence prolong runtime for our broadband infrastructure) from my UPS. At around 15 minutes into the power-cut I started to get a bit twitchy about how much runtime was left on the UPS and finally go around to doing something about it (not the ideal conditions to be setting it up, but a good motivator).

  • 28 May 2020 Debian system updates

    I have automated monitoring (via Icinga2) of the update status of my various servers, all of which currently run Debian. To date I’ve been using cron to run a daily apt-get update, to my mind the obvious solution to “I need it to update daily”, which updates the local package cache and then the monitoring picks up whether there’s anything to update. While investigating a problem with another cron-job yesterday, I noticed messages from apt-daily and apt-daily-upgrade services and a quick Google revealed that there is a Debian way to do this.

  • 13 Sep 2019 Upgrading Debian systems

    Based on notes from my old wiki, refreshed as I remotely upgraded our home router from Debian 9 (stretch) to Debian 10 (buster).

  • 12 Jun 2019 Unmarking Debian packages as manually installed

    I sometimes manually install a Debian package, whilst trying to figure out dependencies for something else, and then discover I should have installed a different "parent" package that will pull it in.

Packages

  • 19 Oct 2022 Freeing disk space

    This post could be subtitled “down the rabbit hole”. I needed to reboot my router (kernel update) and, when I set about doing so, found that a backup job was still running 4 hours after it had started. Looking into why this was the case, I found the backups were taking on average 5 hours. Looking at the size of the backup it seemed a little on the large size for what the box does so I set about seeing whether this could be reduced which led to find some missing configurations…

  • 06 Jul 2022 Improving mirror sync

    The number of things being mirrored since I initially setup my mirrors in the home-lab network has grown and the current bash script has become a bit cumbersome to maintain. This post describes the process of replacing the current script and then extending it to mirror more things, including Gentoo and Git repositories - something that took nearly 4 weeks (bearing in mind this is a hobby-project, fitting it in around work and home life). Strap in, this is going to be a long post….

  • 06 May 2022 Restoring the router from DR backup

    Following on from getting my DR “off-site” backup available to restore from, from scratch I restored the first machine from that backup, the router (to get DNS and DHCP up and running). After this, I can start deploying other bits.

  • 19 Apr 2022 Bootstrapping a new network

    As part of working on my new home lab I moved my old core switch, a TP-Link T1600G-28PS to replace the aged Cisco switches that I was using temporarily. Now I have the same make and generation of switch in the lab as my main network, I can start replicating my core network in the lab for testing and development. I am not sure I have ever bootstrapped a network (bearing in mind this lab is air-gapped) before - I have always started with some sort of router or other existing infrastructure (i.e. some form of DHCP server and DNS) I have migrated away from.

  • 11 Feb 2022 Parameterized Puppet class

    Continuing my experimentation with Puppet I created my first class which takes parameters and sets those parameters using data in the master repository (for now).

  • 24 Jan 2022 From Salt to Puppet

    I have been using SaltStack for many years(although my current SaltStack configuration Git history goes back to 2013, so I had been using for at least a few years before the linked post). Prior to that I have had some experience using Puppet and cfengine but this was before I started using SaltStack so my Puppet knowledge is at least 10 years old.

  • 10 Jan 2021 UPS monitoring and auto shut-down with NUT

    Last night we had a power-cut that lasted approximately 20 minutes, about 5 minutes into which I started my usual routine of manually shutting down systems to shed load (and hence prolong runtime for our broadband infrastructure) from my UPS. At around 15 minutes into the power-cut I started to get a bit twitchy about how much runtime was left on the UPS and finally go around to doing something about it (not the ideal conditions to be setting it up, but a good motivator).

  • 13 Sep 2019 Upgrading Debian systems

    Based on notes from my old wiki, refreshed as I remotely upgraded our home router from Debian 9 (stretch) to Debian 10 (buster).

  • 12 Jun 2019 Unmarking Debian packages as manually installed

    I sometimes manually install a Debian package, whilst trying to figure out dependencies for something else, and then discover I should have installed a different "parent" package that will pull it in.

Development

Docker

Singularity

  • 14 Jun 2019 Installing Docker on Debian

    I've been using virtual machines (via VirtualBox) for Linux-based testing and development for sometime but I've been persuaded that it's high-time I joined everyone else and started using containerisation.

Video

  • 14 Jun 2019 Making video indexes with FFmpeg

    I'm working on digitising some of my DVD collection at the moment, which means creating some pretty large files. Trying to view these over the network to discover what they are is pretty tedious (lots of buffering!), so I've been working on dumping an "index" image file that will helpfully give me enough information to determine what it is without actually loading/playing the file.

Laptop

Thinkpad

Lenovo

Graphics

Firefox

Containers

Active directory

Osx

Google authenticator

Sudo

Internet

  • 11 Jul 2022 Getting PIP working behind an SSL-breaking proxy

    If you are behind a proxy that breaks SSL (basically it does a man-in-the-middle attack, hopefully with your consent, typically for deep inspection) you may need to tell pip to use the system certificate store (presuming that trusts the proxy’s certificate), rather than its embedded one, via the PIP_CERT environment variable.

  • 06 Jul 2022 Improving mirror sync

    The number of things being mirrored since I initially setup my mirrors in the home-lab network has grown and the current bash script has become a bit cumbersome to maintain. This post describes the process of replacing the current script and then extending it to mirror more things, including Gentoo and Git repositories - something that took nearly 4 weeks (bearing in mind this is a hobby-project, fitting it in around work and home life). Strap in, this is going to be a long post….

  • 25 Jun 2022 Time in an air-gapped lab network (and centralised time-syncing in an internet connected one)

    In order to get time-syncronisation, to solve the annoyance of my TOTP based 2nd factor for sudo not working, I bought a cheap USB GPS dongle that uses the VK-172 chipset.

  • 23 May 2022 Authenticated proxy configuration with bash

    Bash script which can be sourced to configure http_proxy, https_proxy and no_proxy environment variables (used by most internet-capable Linux applications) for a specific proxy. Prompts for domain (defaults to the local domain if machine is domain joined through realmd), username (defaults to local username) and password, although it then puts it into the environment variable so retrievable by anyone with access to the subsequent environment. As a superficial level of security, it exports an env bash function that wraps the usual command to redact the password.

  • 20 Jan 2022 Routing email based on sender address

    For some external email addresses, I need my mail server to relay mail through their SMTP host in order to pass DKIM/SPF checks (otherwise my mail server is just forging the from address from the point of view of the destination system). These are the changes needed to make this work in my virtual mail setup.

  • 17 Jan 2022 Setting up DKIM and DMARC

    This all started because GMail started blocking my mail server’s IP address. A close inspection of my mail logs showed no unusual activity, and certainly nothing spammy being sent from my system, but there is a strong recommendation to setup DKIM for email domains which I have not done yet (SPF has been in place for many years). This post documents setting up OpenDKIM in my existing virtual mail infrastructure.

  • 10 Jul 2021 Fixing Sky downloading on new broadband

    This post documents my attempt to send traffic from specific local hosts (Sky TV boxes) via my existing VPN connection, whilst retaining direct access to my broadband connection for all other hosts as a workaround to the annoying problems Sky services have when the client is behind a carrier-level network address translation (carrier-grade NAT or CGNAT).

  • 18 Aug 2019 PlusNet Fibre (FTTC)

    After much suffering from the incompitence of Virgin Media we have switched to PlusNet for our broadband provider. Thankfully FTTC has arrived in our neighbourhood so we can, at long last, get more than 300kbps estimated speed down the phone line (although we had to have a new phone line installed, as we did not already have one).

Plusnet

  • 22 May 2020 updating broadband PPPoE configuration

    For a very long time I have been running my own Linux-based routers as gateways to the internet. The configuration was setup a very long time ago and it has not been revisited, other than to update logins etc., since. I discovered today that there is now a kernel-mode PPPoE module (since 2.4, from what I can gather) that I have missed the arrival of and a more performant driver for it. As I was monitoring the route due to line-speed problems, I noted that I could see the process pppoe appear in top hovering around the 12% CPU mark and wondered if that was expected or not. Googling this lead to these changes.

  • 18 Aug 2019 PlusNet Fibre (FTTC)

    After much suffering from the incompitence of Virgin Media we have switched to PlusNet for our broadband provider. Thankfully FTTC has arrived in our neighbourhood so we can, at long last, get more than 300kbps estimated speed down the phone line (although we had to have a new phone line installed, as we did not already have one).

Pppoe

  • 22 May 2020 updating broadband PPPoE configuration

    For a very long time I have been running my own Linux-based routers as gateways to the internet. The configuration was setup a very long time ago and it has not been revisited, other than to update logins etc., since. I discovered today that there is now a kernel-mode PPPoE module (since 2.4, from what I can gather) that I have missed the arrival of and a more performant driver for it. As I was monitoring the route due to line-speed problems, I noted that I could see the process pppoe appear in top hovering around the 12% CPU mark and wondered if that was expected or not. Googling this lead to these changes.

  • 18 Aug 2019 PlusNet Fibre (FTTC)

    After much suffering from the incompitence of Virgin Media we have switched to PlusNet for our broadband provider. Thankfully FTTC has arrived in our neighbourhood so we can, at long last, get more than 300kbps estimated speed down the phone line (although we had to have a new phone line installed, as we did not already have one).

Vigor

  • 18 Aug 2019 PlusNet Fibre (FTTC)

    After much suffering from the incompitence of Virgin Media we have switched to PlusNet for our broadband provider. Thankfully FTTC has arrived in our neighbourhood so we can, at long last, get more than 300kbps estimated speed down the phone line (although we had to have a new phone line installed, as we did not already have one).

Javascript

React

React native

Testing

Jest

Time machine

  • 21 Nov 2019 Time Machine backup to network share

    I had been using my own external hard disk for backing up my work computer, however (despite being 256GB) Time Machine kept complaining it didn't have enough space. Fortunately I also have access to a 3TB network share at work, so here's how I changed my Mac to backup to there instead.

Dell

Xps 13 9370

Dvd

Broadband

  • 05 May 2023 Setting up DrayTek Vigor 130 for Sky FTTC (VDSL) broadband

    This post begins with a rant about Virgin Media ignoring their own contract and cutting us off 17 days before they told us our services would end (just 13 days after we gave the contractual “30 days notice” to leave). It follows with setting up a DrayTek Vigor 130 VDSL2/ADSL modem with a Linux router for Sky’s fibre-to-the-cabinet (FTTC) broadband service.

  • 10 Jul 2021 Fixing Sky downloading on new broadband

    This post documents my attempt to send traffic from specific local hosts (Sky TV boxes) via my existing VPN connection, whilst retaining direct access to my broadband connection for all other hosts as a workaround to the annoying problems Sky services have when the client is behind a carrier-level network address translation (carrier-grade NAT or CGNAT).

  • 10 Jan 2021 UPS monitoring and auto shut-down with NUT

    Last night we had a power-cut that lasted approximately 20 minutes, about 5 minutes into which I started my usual routine of manually shutting down systems to shed load (and hence prolong runtime for our broadband infrastructure) from my UPS. At around 15 minutes into the power-cut I started to get a bit twitchy about how much runtime was left on the UPS and finally go around to doing something about it (not the ideal conditions to be setting it up, but a good motivator).

  • 22 May 2020 updating broadband PPPoE configuration

    For a very long time I have been running my own Linux-based routers as gateways to the internet. The configuration was setup a very long time ago and it has not been revisited, other than to update logins etc., since. I discovered today that there is now a kernel-mode PPPoE module (since 2.4, from what I can gather) that I have missed the arrival of and a more performant driver for it. As I was monitoring the route due to line-speed problems, I noted that I could see the process pppoe appear in top hovering around the 12% CPU mark and wondered if that was expected or not. Googling this lead to these changes.

  • 17 Apr 2020 A New Switch

    This post documents the re-introduction of VLANs to our home network, removed in 2018 to solve problems with 4-year old WAP and power-line adapters their replacement means we can move back to more secure and flexible networking set-up.

Eap225

Plex

  • 18 May 2024 Plex in a VM on ProxmoxVE

    In order to create a VM with Ansible, I first need to create an API user for Ansible to be able to interact with ProxmoxVE. Once I have a VM, I will install Plex Media Server on it.

  • 17 Apr 2020 A New Switch

    This post documents the re-introduction of VLANs to our home network, removed in 2018 to solve problems with 4-year old WAP and power-line adapters their replacement means we can move back to more secure and flexible networking set-up.

Sky

  • 05 May 2023 Setting up DrayTek Vigor 130 for Sky FTTC (VDSL) broadband

    This post begins with a rant about Virgin Media ignoring their own contract and cutting us off 17 days before they told us our services would end (just 13 days after we gave the contractual “30 days notice” to leave). It follows with setting up a DrayTek Vigor 130 VDSL2/ADSL modem with a Linux router for Sky’s fibre-to-the-cabinet (FTTC) broadband service.

  • 10 Jul 2021 Fixing Sky downloading on new broadband

    This post documents my attempt to send traffic from specific local hosts (Sky TV boxes) via my existing VPN connection, whilst retaining direct access to my broadband connection for all other hosts as a workaround to the annoying problems Sky services have when the client is behind a carrier-level network address translation (carrier-grade NAT or CGNAT).

  • 17 Apr 2020 A New Switch

    This post documents the re-introduction of VLANs to our home network, removed in 2018 to solve problems with 4-year old WAP and power-line adapters their replacement means we can move back to more secure and flexible networking set-up.

Tplink omada

Rawlplugs

  • 20 Apr 2020 Rawlplug UNO sizes technical data

    Rawlplug’s UNO range are currently my favourite wall plug, reliable and I’m yet to have any problems with the installation of one. I struggle to find this information, particularly supported screw sizes, when I want to refer to it to here it is:

Diy

  • 20 Apr 2020 Rawlplug UNO sizes technical data

    Rawlplug’s UNO range are currently my favourite wall plug, reliable and I’m yet to have any problems with the installation of one. I struggle to find this information, particularly supported screw sizes, when I want to refer to it to here it is:

Gpg

Playstation

Ps3

Usb

  • 27 May 2024 ProvmoxVE USB passthrough and LUKS unlocking

    This post started as an attempt to use a USB drive to unlock LUKS encrypted LVM containing, amongst others, the root filesystem. My idea was to be able to use a USB key to unlock the disks of my Proxmox Virtual Environment cluster, falling back to passphrase if the key was missing. This proved to be more complicated than anticipated, although solvable through the use of a custom script I worried about the fragility of this so I abandoned the idea.

  • 01 Jan 2023 Mounting exfat for access as current user

    Quick post noting the bash command to mount a FAT formatted USB (or any other) drive, with the mount owned by the current user, lsblk is your friend for finding the device for the drive.

  • 03 Nov 2022 Upgrade TPM to 2.0 on Dell XPS 13 9370 and installing Windows 11 and Debian Linux

    In order to install Windows 11, my laptop’s Trusted Platform Module firmware needs upgrading to support TPM 2.0. Dell provide a firmware update for some models, including mine. However installing it is complicated by Windows 10, which it is currently running, re-initialising the TPM on shutdown; breaking the firmware update process, which detects the TPM has data and aborts the update when it goes to apply it on next reboot.

  • 29 Jul 2022 Backing up large static files

    In addition to my computer backups I have a large cache of static files on my NAS. Some of these files are very large, the files never change, are relatively rarely added to and are all retrievable from elsewhere (either by re-downloading from the internet or re-copying from a physical disk). Backing them up is more a convenience to avoid recreating the cache from scratch, rather than it being a catastrophe if they were lost, so I chose to create a single off-site copy on some external disks (3 of them, to accommodate all of the files at a sensible size/price point for the external drives) with rsync. This is rather than backing them up by adding more storage to the NAS to increase the size of the local backup volume to accommodate them, which would in turn necessitate buying larger off-site disks.

  • 11 Jul 2021 USB booting Raspberry PI 4

    This post describes the process of enabling boot-from-USB and then using a USB disk for booting my Raspberry PI 4. It was made from notes I jotted down when I did this, over a week ago, so I apologise if it seems a bit disjointed or bulleted.

  • 08 May 2020 Dell XPS 13 (9370) Thunderbolt & eGPU

    This post is just pulling together notes I have made whilst researching eGPUs with this laptop. I currently use a Razer Core X Chroma™ with it, which works very well except for issues with USB-disconnects but this seems to be a general problem with USB devices and Windows 7 onwards.

Ppp

  • 22 May 2020 updating broadband PPPoE configuration

    For a very long time I have been running my own Linux-based routers as gateways to the internet. The configuration was setup a very long time ago and it has not been revisited, other than to update logins etc., since. I discovered today that there is now a kernel-mode PPPoE module (since 2.4, from what I can gather) that I have missed the arrival of and a more performant driver for it. As I was monitoring the route due to line-speed problems, I noted that I could see the process pppoe appear in top hovering around the 12% CPU mark and wondered if that was expected or not. Googling this lead to these changes.

Bonding

Lacp

Nas

  • 18 May 2024 Plex in a VM on ProxmoxVE

    In order to create a VM with Ansible, I first need to create an API user for Ansible to be able to interact with ProxmoxVE. Once I have a VM, I will install Plex Media Server on it.

  • 12 Feb 2023 Moving backup data off NAS

    Following on from my NAS disaster recovery post, I decided to fork out for some new hard disks and move the volume I backup to from the NAS to being internal to the server doing the backups. I had been considering this for performance reasons but as the NAS is also backed up, it would have aided recovery to not have to fetch the off-site backups. The flip-side of this option is that it means if the server fails I lose access to the backups - so either way I have a single point of failure.

  • 31 Jan 2023 ReadyNas disaster recovery

    Last night my ReadyNas suddenly went read-only with the ominous sounding log message Jan 30, 2023 16:54:47 Volume: The volume data encountered an error and was made read-only. It is recommended to backup your data. - it looks like it ran out of RAM which ultimately caused BTRFS corruption. Despite 3 hours of attempting to recover, I was unable to repair the underlying BTRFS filesystem, so decided the only option was to reset the NAS (which would recreate the filesystem) and execute the disaster recovery (DR) plan.

  • 29 Jul 2022 Backing up large static files

    In addition to my computer backups I have a large cache of static files on my NAS. Some of these files are very large, the files never change, are relatively rarely added to and are all retrievable from elsewhere (either by re-downloading from the internet or re-copying from a physical disk). Backing them up is more a convenience to avoid recreating the cache from scratch, rather than it being a catastrophe if they were lost, so I chose to create a single off-site copy on some external disks (3 of them, to accommodate all of the files at a sensible size/price point for the external drives) with rsync. This is rather than backing them up by adding more storage to the NAS to increase the size of the local backup volume to accommodate them, which would in turn necessitate buying larger off-site disks.

  • 22 Jul 2022 Installing Gentoo on Lenovo M72e Tiny PC

    It has been a very long time since I install Gentoo Linux on anything, so just noting in a blog post what I did. As always, the basic process is RTFM in the form of the Gentoo Handbook. In this post, I got as far as completing what I will call the “modern stage 1” (i.e. the process for rebuilding everything with an optimised toolchain, which used to be a “stage 1” install but became a “stage 3 with bootstrap.sh script” around 2010) but not configuring/building/installing the kernel and bootloader. Unfortunately I ran out of time to play with this and went back to Debian on the system, in order to get some other work done.

  • 05 Jul 2022 Removing configuration with SaltStack

    Until now I have been using SaltStack to apply configuration, although in some cases that means removing default settings. In my new home lab I have deployed systems by doing bare-metal restores from live-system backups. Predominantly due to hardware differences, there are some difficulties that require undoing configurations SaltStack applies to the live systems to correct. I think of this as “anti-configuration-management”.

  • 13 Apr 2022 New core switch

    In January I had a problem due to having filled my core network switch. Since then I have deployed a very old Cisco switch into my air-gapped home lab which is also less than ideal as I have very different networking hardware on my main network and the lab. To make it easier to do meaningful testing and solve the capacity problem I have bought a used TP-Link T1600G-52PS switch to replace my existing T1600G-28PS. This post is concerned with configuring the new switch to be the same as the old, then swapping it and the old one over.

  • 21 Feb 2022 Creating first VM in Proxmox

    This post documents my first Proxmox VE host installation, configuration and the building of a Windows Domain Controller VM within my new home lab environment.

  • 16 Feb 2022 Setting up ReadyNAS Duo for home lab

    I have an old ReadyNAS Duo 2120 (confusingly it says 2120v2 on the bottom, although it is RND2000v1 generation hardware) which I have turned into a webserver to provide a mirror service for my new air gapped home lab network. This is a precursor to setting up Proxmox VE, with both read-only package mirrors and ISO repository on the NAS. It is updated via a USB hard disk which I sync on my home network then physically move to the lab environment, mount read-only to update the mirrors from.

  • 22 Aug 2021 Automatically shutting down server and NAS

    At home we have a NAS (An APC Back-UPS BX1400UI) which protects our internet connectivity equipment, core network switch, one server and network-attached (NAS) storage device. The server runs the backup tool (BackupPC) that backs up all of my local and cloud systems, with the backups stored on an iSCSI volume on the NAS (with monthly “off-site” copies).

  • 10 Jan 2021 UPS monitoring and auto shut-down with NUT

    Last night we had a power-cut that lasted approximately 20 minutes, about 5 minutes into which I started my usual routine of manually shutting down systems to shed load (and hence prolong runtime for our broadband infrastructure) from my UPS. At around 15 minutes into the power-cut I started to get a bit twitchy about how much runtime was left on the UPS and finally go around to doing something about it (not the ideal conditions to be setting it up, but a good motivator).

  • 23 May 2020 Adding bonded connection to Netgear ReadyNAS 214

    My Netgear ReadyNAS 214 has two Ethernet ports. It is used as a safe place to store my data as well has hosting an iSCSI target that all my backups are done to (with regular off-site copies made to mitigate against failure or physical damage/loss of the NAS) so some extra bandwidth would not hurt and the web user-interface provides the option to bond them. Since my managed switch also supports bonding, I have decided to do this.

Netgear

  • 31 Jan 2023 ReadyNas disaster recovery

    Last night my ReadyNas suddenly went read-only with the ominous sounding log message Jan 30, 2023 16:54:47 Volume: The volume data encountered an error and was made read-only. It is recommended to backup your data. - it looks like it ran out of RAM which ultimately caused BTRFS corruption. Despite 3 hours of attempting to recover, I was unable to repair the underlying BTRFS filesystem, so decided the only option was to reset the NAS (which would recreate the filesystem) and execute the disaster recovery (DR) plan.

  • 22 Jul 2022 Installing Gentoo on Lenovo M72e Tiny PC

    It has been a very long time since I install Gentoo Linux on anything, so just noting in a blog post what I did. As always, the basic process is RTFM in the form of the Gentoo Handbook. In this post, I got as far as completing what I will call the “modern stage 1” (i.e. the process for rebuilding everything with an optimised toolchain, which used to be a “stage 1” install but became a “stage 3 with bootstrap.sh script” around 2010) but not configuring/building/installing the kernel and bootloader. Unfortunately I ran out of time to play with this and went back to Debian on the system, in order to get some other work done.

  • 13 Apr 2022 New core switch

    In January I had a problem due to having filled my core network switch. Since then I have deployed a very old Cisco switch into my air-gapped home lab which is also less than ideal as I have very different networking hardware on my main network and the lab. To make it easier to do meaningful testing and solve the capacity problem I have bought a used TP-Link T1600G-52PS switch to replace my existing T1600G-28PS. This post is concerned with configuring the new switch to be the same as the old, then swapping it and the old one over.

  • 21 Feb 2022 Creating first VM in Proxmox

    This post documents my first Proxmox VE host installation, configuration and the building of a Windows Domain Controller VM within my new home lab environment.

  • 16 Feb 2022 Setting up ReadyNAS Duo for home lab

    I have an old ReadyNAS Duo 2120 (confusingly it says 2120v2 on the bottom, although it is RND2000v1 generation hardware) which I have turned into a webserver to provide a mirror service for my new air gapped home lab network. This is a precursor to setting up Proxmox VE, with both read-only package mirrors and ISO repository on the NAS. It is updated via a USB hard disk which I sync on my home network then physically move to the lab environment, mount read-only to update the mirrors from.

  • 04 Jan 2022 Reconfiguring network for satellite switch

    Due to port exhaustion I am moving my “desktop” (quoted as it includes some laptops) systems to a secondary switch. This post describes the switch and new VLAN arrangement for these systems.

  • 10 Jan 2021 UPS monitoring and auto shut-down with NUT

    Last night we had a power-cut that lasted approximately 20 minutes, about 5 minutes into which I started my usual routine of manually shutting down systems to shed load (and hence prolong runtime for our broadband infrastructure) from my UPS. At around 15 minutes into the power-cut I started to get a bit twitchy about how much runtime was left on the UPS and finally go around to doing something about it (not the ideal conditions to be setting it up, but a good motivator).

  • 23 May 2020 Adding bonded connection to Netgear ReadyNAS 214

    My Netgear ReadyNAS 214 has two Ethernet ports. It is used as a safe place to store my data as well has hosting an iSCSI target that all my backups are done to (with regular off-site copies made to mitigate against failure or physical damage/loss of the NAS) so some extra bandwidth would not hurt and the web user-interface provides the option to bond them. Since my managed switch also supports bonding, I have decided to do this.

Powershell

Scripting

Ssh

Microsoft

Teams

  • 28 May 2020 Teams backgrounds

    To use your own custom backgrounds, drop the background file(s) in $Env:APPDATA\Microsoft\Teams\Backgrounds\Uploads (PowerShell, %APPDATA%\Microsoft\Teams\Backgrounds\Uploads in cmd). They must be PNG files and will just show up in the list of backgrounds to choose from in the user interface.

Hp

Hpe

Ilo

Kvm

  • 12 Feb 2023 Moving backup data off NAS

    Following on from my NAS disaster recovery post, I decided to fork out for some new hard disks and move the volume I backup to from the NAS to being internal to the server doing the backups. I had been considering this for performance reasons but as the NAS is also backed up, it would have aided recovery to not have to fetch the off-site backups. The flip-side of this option is that it means if the server fails I lose access to the backups - so either way I have a single point of failure.

  • 17 Jun 2021 Installing Debian on Raspberry PI 4

    I have been planning to migrate my monitoring to my Raspberry PI 4, from its current location on a VM which is fine unless there is a fault with the VM or the host but this has happened (today in fact). It monitors these hosts and it is helpful to know what is going on if there is a problem. My intention is to also shutdown the VM host in the event of a power outage (to extend UPS battery runtime) and it would be nice for monitoring to continue during the outage.

  • 23 Jul 2020 Offsite DR backup with VM

    Since migrating BackupPC to a VM I have not been doing off-site backups (since I have been working from home full-time). Today I had to visit the office to retrieve some essential adaptors for my work laptop, and while I was there I grabbed my off-site backups disks. Now I have done this, I need to figure out how to pass the device through to my VM in order to update the oldest backup (which has not been updated since December 2019!).

  • 14 Jun 2020 Migrate monitoring to VM

    Hot on the heals of migrating BackupPC from a bare-metal (router) system to a VM, the next set of services to migrate are my monitoring services. For this I run two seperate systems, Icinga2 and Munin. Icinga excels at monitoring and alerting to problems and faults as they happen, Munin provides resource monitoring and graphing that gives a better view of “what just happened to kill our performance?”(quoted from their website) and historic views of the same.

  • 08 Jun 2020 Migrate BackupPC to VM

    Now that I have deploying VMs sorted I am migrating the first service from my router onto a new VM, my BackupPC server. This should be relatively straight forward as the server set-up is managed in SaltStack and the data resides on an iSCSI volume from my NAS, do configuration and “transfer” should be simple. Should be.

  • 06 Jun 2020 Building Debian VMs with debootstrap

    Following the awful time I had setting up a working preseed configuration for Debian installer I am exploring the alternative method of pre-building the disk image using debootstrap.

  • 04 Jun 2020 KVM setup

    Following on from tuesday’s post on setting up my first microserver, I am starting to set-up KVM and automate building virtual-machines in order to start migrating services off my router.

  • 02 Jun 2020 HP Microservers

    Over the weekend I bought and collected 2 8th generation HPE Microservers. The two I have bought have been upgraded to 16GB of ECC memory and have had their stock processors replaced with E3-1240 v2 processors. They also came with 10GbE cards fitted, although currently I have no infrastructure to make use of these.

Red hat

Virtualisation

Vmware

  • 02 Jun 2020 HP Microservers

    Over the weekend I bought and collected 2 8th generation HPE Microservers. The two I have bought have been upgraded to 16GB of ECC memory and have had their stock processors replaced with E3-1240 v2 processors. They also came with 10GbE cards fitted, although currently I have no infrastructure to make use of these.

Kickstart

Preseed

Munin

Python

Dns

  • 07 Apr 2024 Migrate DHCP server configuration from Salt to Ansible

    One of the big bits I have not yet migrated from SaltStack to Ansible is my router, including DHCP and DNS. The management subnet was not configured to allow PXE booting, so I decided this was the right opportunity to make a start on that migration to Ansible. I did this by expanding my existing DHCP role with additional tasks.

  • 04 Apr 2024 Mirror proxy for limited access networks

    In my new network design, I crate a new VLAN that, for security, I did not want to provide a default route to, or routed access to anything outside my network. However the new VM hosts within still need to be able to get their packages and updates. So, I want to provide limited internet access via a very restrictive “whitelist” proxy with strict rules on what can be accessed (initially just deb.debian.org). I may even make this an authenticating proxy, in the future.

  • 22 Aug 2023 Automated Debian install

    This is another of those posts that I started and some time (measured in months) later I split up due to not having completed what I set out to do. My overall goal is to have a fully automated install that results in a system with disk encryption setup up but can be remotely unlocked and managed. The intention is that, in most circumstances, any of my systems could be reinstalled headlessly (that is, without plugging in a keyboard or monitor).

  • 04 Oct 2022 Debian network install preseed

    Back in 2020, I used the Debian installer’s pre-seed capability to automatically build KVM-based VMs. In my new lab network I have 10 systems that are headless, attached to managed PDUs (so can be remotely power cycled) but have no integrated console or KVM attached. Debian Installer has a network console feature, which allows remote installs over SSH. This post describes automating the setup of that so a network-booted host in the lab network will, by default, boot into the Debian Installer for the current stable distribution ready for me to remotely SSH in and complete the install.

  • 30 Sep 2022 New wireless setup

    This post describes setting up client-specific wireless network keys (private pre-shared keys or “PPSKs”) and per-client VLAN settings on a single wireless SSID, using FreeRADIUS to provide the key and vlan information.

  • 01 Mar 2022 Fighting with Windows Product Activation

    10 days after being installed, my “180 day evaluation” version of Windows Server 2019 has decided it is expired and will not activate. After trying unsuccessfully with both the telephone and their new web-based offline activation system (which you get the option to be text a time-limited link for through the phone system), I rang Microsoft’s support which resulted in being accused of pirating the software twice (according to them the entire “Microsoft Evaluation Center” section of Microsoft’s website does not exist) before being told that in order to use the 180 day trial I had to first buy a full licence (no, I cannot figure out how that is supposed to work either!).

  • 23 Feb 2022 Replacing Cisco Catalyst 2970 switch with 3560

    I originally deployed an old Cisco Catalyst 2970 switch in my new home lab environment however it was insufficient for my needs in a number of ways, such as no being able to act as NTP or DNS server and not supporting SSH for remote management. I also had a 3560, although the model I have has 48 ports (as opposed to the 24 on the 2970 I used) and is physically much longer (both being standard 1U 19” rack-mount height and width) which I why I initially tried the smaller, lower power, 2970.

  • 15 Feb 2022 Setting up Cisco Catalyst Switch for home-lab

    This post covers the first step in setting up my new home lab, configuring a Cisco switch for the new air-gapped environment which I will install Proxmox VE into later.

  • 17 Jan 2022 Setting up DKIM and DMARC

    This all started because GMail started blocking my mail server’s IP address. A close inspection of my mail logs showed no unusual activity, and certainly nothing spammy being sent from my system, but there is a strong recommendation to setup DKIM for email domains which I have not done yet (SPF has been in place for many years). This post documents setting up OpenDKIM in my existing virtual mail infrastructure.

  • 10 May 2021 Query AD with LDAP

    Because I keep ending up looking at my old scripts to refresh myself on how to do this by hand, here’s the recipe for querying AD with ldapsearch.

  • 15 Jan 2021 Let's Encrypt SSL certificates at home

    For nearly 2 years I have been using Let’s Encrypt (like half the tech world) for SSL certificates on my public-facing projects and services. I have decided to try an extend their use to my internal sites too, and do-away with running my own certificate authority except for a few niche cases (OpenVPN, for example).

  • 05 Jan 2021 Split DNS with Dnsmasq

    I had a need to split DNS resolution on a series of hosts between two DNS servers, one local to the environment and one for global address resolution. In the past I have always used BIND 9 for my go-to DNS server, however for this trivial forwarding tasks it seemed overkill and a good opportunity to give something lighter-weight a go. So I opted to try Dnsmasq instead.

Dnsmasq

  • 07 Apr 2024 Migrate DHCP server configuration from Salt to Ansible

    One of the big bits I have not yet migrated from SaltStack to Ansible is my router, including DHCP and DNS. The management subnet was not configured to allow PXE booting, so I decided this was the right opportunity to make a start on that migration to Ansible. I did this by expanding my existing DHCP role with additional tasks.

  • 03 Jan 2024 DHCP, IP addresses, client IDs and an identity crisis

    Following on from my post on looking up DHCP client IP addresses with Ansible, I had intermittent problems with hosts changing IP, which I initially observed if the OS was uncleanly shutdown. The root cause (discussed below) is that the Debian installer, the DHCP client used by initramfs for dropbear and OS DHCP client are not all using the same client id. In the situation I first saw this, I suspected that on a clean shutdown the OS’s DHCP client issues a release on the IP so it is available (and with very low IP churn in my development environments it happened to be issued again when it came back up) however on an unclean shutdown there was still a valid lease to the OS’s client id resulting in dropbear getting a different IP but post-unlock the OS (using the same client-id as the unreleased lease) recovered the “old” IP lease. I confirmed this hypothesis with empirical testing. In this post, I discuss why this is happening and use Ansible to dynamically configure the DHCP server to workaround the problem.

  • 29 Dec 2023 Using Ansible to find IP addresses for DHCP clients

    This post follows on from automating Debian install, picking up doing the post-install configuration from the point of having a (generic) baseline OS installed. I am using Ansible to do the post-installation configuration but any other configuration management tool could be used and I have personally used SaltStack, Puppet and cfengine to implement this approach (simple, minimal OS install handing off to configuration management tool to do host-specific customisation post-install) with a variety of Linux distributions. Reasons I like this approach include that all host-specific configuration and data is in one location, creating clarity about whether a setting or configuration comes from the install script (e.g. kickstart/preseed) or configuration management tool (or both), and all customisations being applied by the configuration management tool means those remain correct (and corrected by the tool if they deviate) throughout the lifetime of the system.

  • 22 Aug 2023 Automated Debian install

    This is another of those posts that I started and some time (measured in months) later I split up due to not having completed what I set out to do. My overall goal is to have a fully automated install that results in a system with disk encryption setup up but can be remotely unlocked and managed. The intention is that, in most circumstances, any of my systems could be reinstalled headlessly (that is, without plugging in a keyboard or monitor).

  • 05 Jan 2021 Split DNS with Dnsmasq

    I had a need to split DNS resolution on a series of hosts between two DNS servers, one local to the environment and one for global address resolution. In the past I have always used BIND 9 for my go-to DNS server, however for this trivial forwarding tasks it seemed overkill and a good opportunity to give something lighter-weight a go. So I opted to try Dnsmasq instead.

Centos

Kerberos

Devops

Apc

Bx1400ui

Nut

  • 20 Jul 2022 UPS automated shutdown failure

    Back in August I setup fully automated shutdown of my server and NAS on power failure and the night before last we had a 2 hour power outage during which these systems failed to shutdown until the UPS reached its critical low battery state.

  • 05 Jul 2022 Removing configuration with SaltStack

    Until now I have been using SaltStack to apply configuration, although in some cases that means removing default settings. In my new home lab I have deployed systems by doing bare-metal restores from live-system backups. Predominantly due to hardware differences, there are some difficulties that require undoing configurations SaltStack applies to the live systems to correct. I think of this as “anti-configuration-management”.

  • 22 Aug 2021 Automatically shutting down server and NAS

    At home we have a NAS (An APC Back-UPS BX1400UI) which protects our internet connectivity equipment, core network switch, one server and network-attached (NAS) storage device. The server runs the backup tool (BackupPC) that backs up all of my local and cloud systems, with the backups stored on an iSCSI volume on the NAS (with monthly “off-site” copies).

  • 10 Jan 2021 UPS monitoring and auto shut-down with NUT

    Last night we had a power-cut that lasted approximately 20 minutes, about 5 minutes into which I started my usual routine of manually shutting down systems to shed load (and hence prolong runtime for our broadband infrastructure) from my UPS. At around 15 minutes into the power-cut I started to get a bit twitchy about how much runtime was left on the UPS and finally go around to doing something about it (not the ideal conditions to be setting it up, but a good motivator).

Readynas

  • 31 Jan 2023 ReadyNas disaster recovery

    Last night my ReadyNas suddenly went read-only with the ominous sounding log message Jan 30, 2023 16:54:47 Volume: The volume data encountered an error and was made read-only. It is recommended to backup your data. - it looks like it ran out of RAM which ultimately caused BTRFS corruption. Despite 3 hours of attempting to recover, I was unable to repair the underlying BTRFS filesystem, so decided the only option was to reset the NAS (which would recreate the filesystem) and execute the disaster recovery (DR) plan.

  • 22 Jul 2022 Installing Gentoo on Lenovo M72e Tiny PC

    It has been a very long time since I install Gentoo Linux on anything, so just noting in a blog post what I did. As always, the basic process is RTFM in the form of the Gentoo Handbook. In this post, I got as far as completing what I will call the “modern stage 1” (i.e. the process for rebuilding everything with an optimised toolchain, which used to be a “stage 1” install but became a “stage 3 with bootstrap.sh script” around 2010) but not configuring/building/installing the kernel and bootloader. Unfortunately I ran out of time to play with this and went back to Debian on the system, in order to get some other work done.

  • 21 Feb 2022 Creating first VM in Proxmox

    This post documents my first Proxmox VE host installation, configuration and the building of a Windows Domain Controller VM within my new home lab environment.

  • 16 Feb 2022 Setting up ReadyNAS Duo for home lab

    I have an old ReadyNAS Duo 2120 (confusingly it says 2120v2 on the bottom, although it is RND2000v1 generation hardware) which I have turned into a webserver to provide a mirror service for my new air gapped home lab network. This is a precursor to setting up Proxmox VE, with both read-only package mirrors and ISO repository on the NAS. It is updated via a USB hard disk which I sync on my home network then physically move to the lab environment, mount read-only to update the mirrors from.

  • 22 Aug 2021 Automatically shutting down server and NAS

    At home we have a NAS (An APC Back-UPS BX1400UI) which protects our internet connectivity equipment, core network switch, one server and network-attached (NAS) storage device. The server runs the backup tool (BackupPC) that backs up all of my local and cloud systems, with the backups stored on an iSCSI volume on the NAS (with monthly “off-site” copies).

  • 10 Jan 2021 UPS monitoring and auto shut-down with NUT

    Last night we had a power-cut that lasted approximately 20 minutes, about 5 minutes into which I started my usual routine of manually shutting down systems to shed load (and hence prolong runtime for our broadband infrastructure) from my UPS. At around 15 minutes into the power-cut I started to get a bit twitchy about how much runtime was left on the UPS and finally go around to doing something about it (not the ideal conditions to be setting it up, but a good motivator).

Rn214

  • 31 Jan 2023 ReadyNas disaster recovery

    Last night my ReadyNas suddenly went read-only with the ominous sounding log message Jan 30, 2023 16:54:47 Volume: The volume data encountered an error and was made read-only. It is recommended to backup your data. - it looks like it ran out of RAM which ultimately caused BTRFS corruption. Despite 3 hours of attempting to recover, I was unable to repair the underlying BTRFS filesystem, so decided the only option was to reset the NAS (which would recreate the filesystem) and execute the disaster recovery (DR) plan.

  • 13 Apr 2022 New core switch

    In January I had a problem due to having filled my core network switch. Since then I have deployed a very old Cisco switch into my air-gapped home lab which is also less than ideal as I have very different networking hardware on my main network and the lab. To make it easier to do meaningful testing and solve the capacity problem I have bought a used TP-Link T1600G-52PS switch to replace my existing T1600G-28PS. This post is concerned with configuring the new switch to be the same as the old, then swapping it and the old one over.

  • 22 Aug 2021 Automatically shutting down server and NAS

    At home we have a NAS (An APC Back-UPS BX1400UI) which protects our internet connectivity equipment, core network switch, one server and network-attached (NAS) storage device. The server runs the backup tool (BackupPC) that backs up all of my local and cloud systems, with the backups stored on an iSCSI volume on the NAS (with monthly “off-site” copies).

  • 10 Jan 2021 UPS monitoring and auto shut-down with NUT

    Last night we had a power-cut that lasted approximately 20 minutes, about 5 minutes into which I started my usual routine of manually shutting down systems to shed load (and hence prolong runtime for our broadband infrastructure) from my UPS. At around 15 minutes into the power-cut I started to get a bit twitchy about how much runtime was left on the UPS and finally go around to doing something about it (not the ideal conditions to be setting it up, but a good motivator).

Ups

  • 20 Jul 2022 UPS automated shutdown failure

    Back in August I setup fully automated shutdown of my server and NAS on power failure and the night before last we had a 2 hour power outage during which these systems failed to shutdown until the UPS reached its critical low battery state.

  • 05 Jul 2022 Removing configuration with SaltStack

    Until now I have been using SaltStack to apply configuration, although in some cases that means removing default settings. In my new home lab I have deployed systems by doing bare-metal restores from live-system backups. Predominantly due to hardware differences, there are some difficulties that require undoing configurations SaltStack applies to the live systems to correct. I think of this as “anti-configuration-management”.

  • 22 Aug 2021 Automatically shutting down server and NAS

    At home we have a NAS (An APC Back-UPS BX1400UI) which protects our internet connectivity equipment, core network switch, one server and network-attached (NAS) storage device. The server runs the backup tool (BackupPC) that backs up all of my local and cloud systems, with the backups stored on an iSCSI volume on the NAS (with monthly “off-site” copies).

  • 10 Jan 2021 UPS monitoring and auto shut-down with NUT

    Last night we had a power-cut that lasted approximately 20 minutes, about 5 minutes into which I started my usual routine of manually shutting down systems to shed load (and hence prolong runtime for our broadband infrastructure) from my UPS. At around 15 minutes into the power-cut I started to get a bit twitchy about how much runtime was left on the UPS and finally go around to doing something about it (not the ideal conditions to be setting it up, but a good motivator).

Code rack

Dehydrated

Lets encrypt

Mythic beasts

  • 15 Jan 2021 Let's Encrypt SSL certificates at home

    For nearly 2 years I have been using Let’s Encrypt (like half the tech world) for SSL certificates on my public-facing projects and services. I have decided to try an extend their use to my internal sites too, and do-away with running my own certificate authority except for a few niche cases (OpenVPN, for example).

Github

Github actions

Linting

Slurm

  • 16 Apr 2023 Linux healthcheck script

    On my systems at home I use Icinga2 to monitor health, adding new checks as and when I identify something I think needs checking or if a failure occurs that was not detected. Sometimes it is necessary to do some checks via other means, such as SLURM’s healthcheck program so it can be useful to have checks in script form. On previous systems, we have used the Nagios plugins that Icinga uses to minimise the maintenance overhead of have duplicated tests. The script will be written in bash and minimise dependencies on non-Coreutils files to try and keep it portable to different distributions.

  • 14 Jul 2021 Creating Excel spreadsheets with Python

    Every month I produce usage spreadsheets for the HPC service I run. This involved much copying and pasting of data, which I already have a script to export in CSV format, into a bunch of spreadsheets for different people. In total, it takes about 7 hours (essentially a full working day of doing nothing else) to do - this post is taking some of that 7 hours to get the existing script to generate the required spreadsheets directly. This is definitely going to be a case of getting back more time than I invest.

  • 11 Jul 2021 Getting an interactive job with Slurm

    I keep getting this wrong (forgetting the --pty option), so all (Slurm users) recite together now:

  • 13 Feb 2021 Getting started with GitHub Actions

    One of the things we need more of in my new day-job is automation, something we were good at in my previous role. To get started with GitHub Actions I have decided to start with linting in one of my repositories, Slurm Helpers, and this post documents the journey to getting that working.

Ansible

Azure

Azure devops

Vnc

Ldap

Life

  • 05 Oct 2024 3rd Annual Global ADHD Conference

    Being very recently diagnosed with ADHD, I took the afternoon off work to attend the free (although I did make a donation towards the running costs as someone in the fortunate position to do so) 3rd Annual Global ADHD Conference jointly organised between ADHD UK and ADHD Australia the day before last. I was only able to attend that afternoon but it was very interesting and I took away some useful things (which I am noting here, mainly for my own benefit and to organise/consolidate the various post-its I scribbled things on during the talks) from two sessions in particular…

  • 20 Sep 2024 ADHD - Take 2 - Part 1 - Welcome to the ADHDer family

    If you have a shorter attention span, or just want the highlights, I’ve provided a TL;DR version at bottom - just click here. It won’t hurt to read that first then look at the long bit, if you want the filler, either.

  • 01 Nov 2022 Adding a bastion host - restructuring the network

    While trying to get started with Ansible I found Ansible really doesn’t like 2 factor sudo authentication. After trying, and failing, to write a new become plugin that merges the behaviour of the sudo plugin (use sudo) and su plugin (recognise other password prompts) I decided to try a different approach. Instead, I decided to setup a bastion/jumphost that will require 2 factors to login to and then fewer (i.e. just a password, or two (different) passwords or a certificate and a password) to login and become root on my systems. The bastion can be used as an ssh proxy host and this method is documented by Ansible although, for 2 factor logins to the bastion, we will need to pre-login and configure connection multiplexing (referenced from another post on using a bastion with Ansible) to reuse the connection without re-authenticating.

  • 05 Jul 2022 Bad habits

    When I was taught typing at school, we were made to type sentences with two spaces after the full-stop. Opinion has historically been split on this practice but most sources these days are clear that one space is now the only correct option (see 1st source below for a study that asserts 2 spaces promotes faster reading). Recently I have annoyed people at work reviewing my documents, as they have to replace my habitual two spaces with one. The problem from my end is that for nearly 30 years, most of which I have been touch-typing, I have consistently used two spaces. That’s a lot of muscle-memory to overcome!

  • 10 Jul 2021 Fixing Sky downloading on new broadband

    This post documents my attempt to send traffic from specific local hosts (Sky TV boxes) via my existing VPN connection, whilst retaining direct access to my broadband connection for all other hosts as a workaround to the annoying problems Sky services have when the client is behind a carrier-level network address translation (carrier-grade NAT or CGNAT).

  • 15 Jun 2021 Hay-fever

    For the first time in quite a few years I have been really suffering with hay-fever. The glorious sunshine during peak grass season (which is what causes mine) season has sent grass-pollen counts through the roof. This is coupled with me walking our two dogs during peak pollen times, in the morning and evenings (when the weather is cooler for the dogs) but I have been thinking about whether other factors are at play in my unusually high level of suffering this year. These are my entirely unscientific, layman, musings.

Musing

  • 22 Aug 2023 Security anti-patterns and browsing down

    While browsing for some information on browsing down, I found some useful resources from the National Cyber Security Centre; a whitepaper on Security Architecture Anti-Patterns, guidance on secure system administration and a blog post on protecting management interfaces (which focuses on browsing down).

  • 19 Oct 2022 Freeing disk space

    This post could be subtitled “down the rabbit hole”. I needed to reboot my router (kernel update) and, when I set about doing so, found that a backup job was still running 4 hours after it had started. Looking into why this was the case, I found the backups were taking on average 5 hours. Looking at the size of the backup it seemed a little on the large size for what the box does so I set about seeing whether this could be reduced which led to find some missing configurations…

  • 01 Mar 2022 Fighting with Windows Product Activation

    10 days after being installed, my “180 day evaluation” version of Windows Server 2019 has decided it is expired and will not activate. After trying unsuccessfully with both the telephone and their new web-based offline activation system (which you get the option to be text a time-limited link for through the phone system), I rang Microsoft’s support which resulted in being accused of pirating the software twice (according to them the entire “Microsoft Evaluation Center” section of Microsoft’s website does not exist) before being told that in order to use the 180 day trial I had to first buy a full licence (no, I cannot figure out how that is supposed to work either!).

  • 15 Jun 2021 Hay-fever

    For the first time in quite a few years I have been really suffering with hay-fever. The glorious sunshine during peak grass season (which is what causes mine) season has sent grass-pollen counts through the roof. This is coupled with me walking our two dogs during peak pollen times, in the morning and evenings (when the weather is cooler for the dogs) but I have been thinking about whether other factors are at play in my unusually high level of suffering this year. These are my entirely unscientific, layman, musings.

Non technical

  • 15 Jun 2021 Hay-fever

    For the first time in quite a few years I have been really suffering with hay-fever. The glorious sunshine during peak grass season (which is what causes mine) season has sent grass-pollen counts through the roof. This is coupled with me walking our two dogs during peak pollen times, in the morning and evenings (when the weather is cooler for the dogs) but I have been thinking about whether other factors are at play in my unusually high level of suffering this year. These are my entirely unscientific, layman, musings.

Random

  • 15 Jun 2021 Hay-fever

    For the first time in quite a few years I have been really suffering with hay-fever. The glorious sunshine during peak grass season (which is what causes mine) season has sent grass-pollen counts through the roof. This is coupled with me walking our two dogs during peak pollen times, in the morning and evenings (when the weather is cooler for the dogs) but I have been thinking about whether other factors are at play in my unusually high level of suffering this year. These are my entirely unscientific, layman, musings.

Raspberry pi

Troubleshooting

Firewall

Iptables

  • 10 Jul 2021 Fixing Sky downloading on new broadband

    This post documents my attempt to send traffic from specific local hosts (Sky TV boxes) via my existing VPN connection, whilst retaining direct access to my broadband connection for all other hosts as a workaround to the annoying problems Sky services have when the client is behind a carrier-level network address translation (carrier-grade NAT or CGNAT).

Virgin

Hpc

  • 27 Sep 2021 Custom EasyBlocks for easybuild

    Since my post on creating separate EasyBuild development environments I have encountered a piece of software I need to develop some custom EasyBlocks for. My scripts allow this, however my magic module does not initialise the platform-specific installs using a custom EasyBlock source. In order to retain the convenience of architecture-local initialisation on each architecture I modified part of my module.

  • 29 Jul 2021 Setting up EasyBuild environments

    This follows on from my post on platform detection with Lmod, using that as a tool from which to create platform-specific builds of software with EasyBuild. This is a long one, as it contains the full setup for getting this running.

  • 27 Jul 2021 Platform detection with Lmod

    Managing software start getting interesting in High-Performance Computing (HPC) when clusters become heterogeneous. One way to manage this, using a common shared filesystem, is to allow the software management tool to detect the current platform and make the appropriate software available. This post shows how to do this with the Lmod tool.

  • 14 Jul 2021 Creating Excel spreadsheets with Python

    Every month I produce usage spreadsheets for the HPC service I run. This involved much copying and pasting of data, which I already have a script to export in CSV format, into a bunch of spreadsheets for different people. In total, it takes about 7 hours (essentially a full working day of doing nothing else) to do - this post is taking some of that 7 hours to get the existing script to generate the required spreadsheets directly. This is definitely going to be a case of getting back more time than I invest.

  • 11 Jul 2021 Getting an interactive job with Slurm

    I keep getting this wrong (forgetting the --pty option), so all (Slurm users) recite together now:

Excel

  • 04 Oct 2024 Negative times in Excel

    For reasons I won’t go into, I use an Excel spreadsheet to track my time at work and transcribe it once a week to our hours recording system. Recently I modified it to include how many hours I had left allocated for this week to each project I was resourced to work on. When I “spent” more hours than allocated, this turned into a series of hash (#) marks - fortunately there was a simple way to have it display negative times instead.

  • 14 Jul 2021 Creating Excel spreadsheets with Python

    Every month I produce usage spreadsheets for the HPC service I run. This involved much copying and pasting of data, which I already have a script to export in CSV format, into a bunch of spreadsheets for different people. In total, it takes about 7 hours (essentially a full working day of doing nothing else) to do - this post is taking some of that 7 hours to get the existing script to generate the required spreadsheets directly. This is definitely going to be a case of getting back more time than I invest.

Cloud

Docker registry

Environment modules

  • 27 Jul 2021 Platform detection with Lmod

    Managing software start getting interesting in High-Performance Computing (HPC) when clusters become heterogeneous. One way to manage this, using a common shared filesystem, is to allow the software management tool to detect the current platform and make the appropriate software available. This post shows how to do this with the Lmod tool.

Lmod

Modules

Ubuntu

Easybuild

Vs code

Nextcloud

  • 05 Apr 2023 NextCloud version tracking

    Back in 2021, I added a check for the latest NextCloud version to Icinga based on a forum post from 2019 that suggested scraping the version from a file their GitHub website repository. Today I was looking at something on Icinga and it occurred to me I have not installed any NextCloud updates for a while, a quick check and I determined that the latest version in that file stalled at 23.0.3 (released 21 March 2022, now unsupported and not the last of the 23.x line - 23.0.12 is the last) and I am now 3 major versions behind - the current release is 26.0.0 on 21 March 2023.

  • 03 Nov 2022 Upgrade TPM to 2.0 on Dell XPS 13 9370 and installing Windows 11 and Debian Linux

    In order to install Windows 11, my laptop’s Trusted Platform Module firmware needs upgrading to support TPM 2.0. Dell provide a firmware update for some models, including mine. However installing it is complicated by Windows 10, which it is currently running, re-initialising the TPM on shutdown; breaking the firmware update process, which detects the TPM has data and aborts the update when it goes to apply it on next reboot.

  • 19 Oct 2022 Freeing disk space

    This post could be subtitled “down the rabbit hole”. I needed to reboot my router (kernel update) and, when I set about doing so, found that a backup job was still running 4 hours after it had started. Looking into why this was the case, I found the backups were taking on average 5 hours. Looking at the size of the backup it seemed a little on the large size for what the box does so I set about seeing whether this could be reduced which led to find some missing configurations…

  • 25 Aug 2021 Checking NextCloud version

    One of my current issues is that I do not notice my NextCloud install requires updating until it is no longer supported and the clients stops working with it. I already have icinga setup as my monitoring solution, so it has been on my to-do list for a while to create a plugin to check the version of my server against the latest release.

Terraform

Systemd

  • 14 Apr 2023 Distribution detection in Bash

    In order to write some portable health-checking scripts, I needed to reliably detect both distribution (or at least distribution family) and version (e.g. to cope with rpm moving from /bin to /usr/bin in Red Hat 7). I based this on my previous Lua distribution detection script for Lmod. In contrast to the Lmod script, I am not interested in any CPU/architecture detection (at present). I only need this for Red Hat Enterprise Linux family (including CentOS, Scientific Linux and Rocky), Ubuntu and Debian distributions. Adding others would be trivial, it is just a case of finding their lsb_release return values and an appropriate fallback (file) method.

  • 06 Apr 2023 Graphical progress feedback for Red Hat and Rocky kickstart post-scripts

    This post is about something I created and am genuine quite proud of. It creates a graphical progress bar to feedback on the progress of the %post section(s) in a kickstart installation script. I have used it with Red Hat and Rocky Linux distributions. It is an alternative to forcing a text install just to be able to programmatically chvt to the log in order to display custom script progress. It might seem simple but it took a lot of work and testing to get to a reliable solution.

  • 23 Feb 2022 Replacing Cisco Catalyst 2970 switch with 3560

    I originally deployed an old Cisco Catalyst 2970 switch in my new home lab environment however it was insufficient for my needs in a number of ways, such as no being able to act as NTP or DNS server and not supporting SSH for remote management. I also had a 3560, although the model I have has 48 ports (as opposed to the 24 on the 2970 I used) and is physically much longer (both being standard 1U 19” rack-mount height and width) which I why I initially tried the smaller, lower power, 2970.

  • 30 Sep 2021 docker-compose with systemd

    This post is about launching a Docker Compose orchestrated collection of containers as a system service using systemd. I provisioned a VM running Docker (it’s a loooong story but short version: Azure Kubernetes and Azure container services cannot be deployed without public IP addresses, which goes against some of our secure-by-design decisions) using Terraform and Ansible to deploy and configure it. The service it is running is a web application made up of two Docker containers and I have written a Docker Compose file that builds and runs the infrastructure.

Storage

  • 12 Feb 2023 Moving backup data off NAS

    Following on from my NAS disaster recovery post, I decided to fork out for some new hard disks and move the volume I backup to from the NAS to being internal to the server doing the backups. I had been considering this for performance reasons but as the NAS is also backed up, it would have aided recovery to not have to fetch the off-site backups. The flip-side of this option is that it means if the server fails I lose access to the backups - so either way I have a single point of failure.

  • 29 Jul 2022 Backing up large static files

    In addition to my computer backups I have a large cache of static files on my NAS. Some of these files are very large, the files never change, are relatively rarely added to and are all retrievable from elsewhere (either by re-downloading from the internet or re-copying from a physical disk). Backing them up is more a convenience to avoid recreating the cache from scratch, rather than it being a catastrophe if they were lost, so I chose to create a single off-site copy on some external disks (3 of them, to accommodate all of the files at a sensible size/price point for the external drives) with rsync. This is rather than backing them up by adding more storage to the NAS to increase the size of the local backup volume to accommodate them, which would in turn necessitate buying larger off-site disks.

  • 22 Jul 2022 Installing Gentoo on Lenovo M72e Tiny PC

    It has been a very long time since I install Gentoo Linux on anything, so just noting in a blog post what I did. As always, the basic process is RTFM in the form of the Gentoo Handbook. In this post, I got as far as completing what I will call the “modern stage 1” (i.e. the process for rebuilding everything with an optimised toolchain, which used to be a “stage 1” install but became a “stage 3 with bootstrap.sh script” around 2010) but not configuring/building/installing the kernel and bootloader. Unfortunately I ran out of time to play with this and went back to Debian on the system, in order to get some other work done.

  • 24 Feb 2022 Setting up Ceph on Proxmox

    Following from setting up my first vm and turning it into a Proxmox cluster I wanted to setup Ceph as a decentralised and shared storage infrastructure which should allow more seamless migration of VMs between hosts.

  • 22 Feb 2022 Turning my standalone Proxmox into a cluster

    I installed 2 more Proxmox servers using the process I used to setup the first one and this post is my notes about adding them to the cluster. Note that I already created the cluster during the first node’s setup, although at the time is was a single-node “cluster”.

  • 21 Feb 2022 Creating first VM in Proxmox

    This post documents my first Proxmox VE host installation, configuration and the building of a Windows Domain Controller VM within my new home lab environment.

  • 16 Feb 2022 Setting up ReadyNAS Duo for home lab

    I have an old ReadyNAS Duo 2120 (confusingly it says 2120v2 on the bottom, although it is RND2000v1 generation hardware) which I have turned into a webserver to provide a mirror service for my new air gapped home lab network. This is a precursor to setting up Proxmox VE, with both read-only package mirrors and ISO repository on the NAS. It is updated via a USB hard disk which I sync on my home network then physically move to the lab environment, mount read-only to update the mirrors from.

  • 03 Dec 2021 TerraForm and Azure NFS-enabled Blob Storage

    Continuing my journey of TerraForm with Microsoft’s Azure cloud, I needed to create some blob storage with NFS enabled (which currently has to be done at the storage account level and can only be turned on or off at account creation time).

Television

Email

  • 20 Jan 2022 Routing email based on sender address

    For some external email addresses, I need my mail server to relay mail through their SMTP host in order to pass DKIM/SPF checks (otherwise my mail server is just forging the from address from the point of view of the destination system). These are the changes needed to make this work in my virtual mail setup.

  • 17 Jan 2022 Setting up DKIM and DMARC

    This all started because GMail started blocking my mail server’s IP address. A close inspection of my mail logs showed no unusual activity, and certainly nothing spammy being sent from my system, but there is a strong recommendation to setup DKIM for email domains which I have not done yet (SPF has been in place for many years). This post documents setting up OpenDKIM in my existing virtual mail infrastructure.

Opendkim

  • 17 Jan 2022 Setting up DKIM and DMARC

    This all started because GMail started blocking my mail server’s IP address. A close inspection of my mail logs showed no unusual activity, and certainly nothing spammy being sent from my system, but there is a strong recommendation to setup DKIM for email domains which I have not done yet (SPF has been in place for many years). This post documents setting up OpenDKIM in my existing virtual mail infrastructure.

Postfix

Rfc6376

  • 17 Jan 2022 Setting up DKIM and DMARC

    This all started because GMail started blocking my mail server’s IP address. A close inspection of my mail logs showed no unusual activity, and certainly nothing spammy being sent from my system, but there is a strong recommendation to setup DKIM for email domains which I have not done yet (SPF has been in place for many years). This post documents setting up OpenDKIM in my existing virtual mail infrastructure.

Ntp

Puppet

  • 29 Dec 2023 Using Ansible to find IP addresses for DHCP clients

    This post follows on from automating Debian install, picking up doing the post-install configuration from the point of having a (generic) baseline OS installed. I am using Ansible to do the post-installation configuration but any other configuration management tool could be used and I have personally used SaltStack, Puppet and cfengine to implement this approach (simple, minimal OS install handing off to configuration management tool to do host-specific customisation post-install) with a variety of Linux distributions. Reasons I like this approach include that all host-specific configuration and data is in one location, creating clarity about whether a setting or configuration comes from the install script (e.g. kickstart/preseed) or configuration management tool (or both), and all customisations being applied by the configuration management tool means those remain correct (and corrected by the tool if they deviate) throughout the lifetime of the system.

  • 22 Aug 2023 Automated Debian install

    This is another of those posts that I started and some time (measured in months) later I split up due to not having completed what I set out to do. My overall goal is to have a fully automated install that results in a system with disk encryption setup up but can be remotely unlocked and managed. The intention is that, in most circumstances, any of my systems could be reinstalled headlessly (that is, without plugging in a keyboard or monitor).

  • 07 Apr 2023 Fully automated reinstall of Rocky Linux with Ansible and Puppet

    This post is about automating, end-to-end, reinstalling a booted Rocky Linux system. The automation is done using Ansible but Puppet is used to configure the hosts, so Ansible orchestrates Puppet too. This is closely related to my recent posts on kickstart graphical feedback (tentatively related to the Puppet piece) and generating custom install isos (for complete hands-off reinstalls). All of the systems involved are bound to a Microsoft Active Directory [AD], so common credentials can be used and the computer that is being reinstalled will need its computer object resetting to rebind automatically. The local ssh host key cache is also updated after the reinstall is finished too, do avoid “the host key has changed” warnings post re-install.

  • 06 Apr 2023 Graphical progress feedback for Red Hat and Rocky kickstart post-scripts

    This post is about something I created and am genuine quite proud of. It creates a graphical progress bar to feedback on the progress of the %post section(s) in a kickstart installation script. I have used it with Red Hat and Rocky Linux distributions. It is an alternative to forcing a text install just to be able to programmatically chvt to the log in order to display custom script progress. It might seem simple but it took a lot of work and testing to get to a reliable solution.

  • 20 Jul 2022 UPS automated shutdown failure

    Back in August I setup fully automated shutdown of my server and NAS on power failure and the night before last we had a 2 hour power outage during which these systems failed to shutdown until the UPS reached its critical low battery state.

  • 11 Feb 2022 Parameterized Puppet class

    Continuing my experimentation with Puppet I created my first class which takes parameters and sets those parameters using data in the master repository (for now).

  • 24 Jan 2022 From Salt to Puppet

    I have been using SaltStack for many years(although my current SaltStack configuration Git history goes back to 2013, so I had been using for at least a few years before the linked post). Prior to that I have had some experience using Puppet and cfengine but this was before I started using SaltStack so my Puppet knowledge is at least 10 years old.

Django

  • 03 Feb 2022 Generating Django secret keys with Python 3.6

    This is a quick post - starting with Python 3.6, a secrets module is included “for generating cryptographically strong random numbers suitable for managing data such as passwords, account authentication, security tokens, and related secrets”. This means we can generate good values for Django’s SECRET_KEY setting on any system with Python installed:

Vim

Air gapped

Catalyst

Cisco

Dhcp

  • 07 Apr 2024 Migrate DHCP server configuration from Salt to Ansible

    One of the big bits I have not yet migrated from SaltStack to Ansible is my router, including DHCP and DNS. The management subnet was not configured to allow PXE booting, so I decided this was the right opportunity to make a start on that migration to Ansible. I did this by expanding my existing DHCP role with additional tasks.

  • 04 Apr 2024 Mirror proxy for limited access networks

    In my new network design, I crate a new VLAN that, for security, I did not want to provide a default route to, or routed access to anything outside my network. However the new VM hosts within still need to be able to get their packages and updates. So, I want to provide limited internet access via a very restrictive “whitelist” proxy with strict rules on what can be accessed (initially just deb.debian.org). I may even make this an authenticating proxy, in the future.

  • 12 Jan 2024 Orchestrating Debian install and automated post-install configuration with Ansible

    In the exciting* conclusion of the process of using Ansible to find dynamic client IPs and solving the PXE/iPXE/Debian installer/dropbear/OS identity crisis, I use this work to automate the post-install configuration of systems installed using my generic Debian install preseed. In this post I will be going through the install Ansible playbook (including some tweaks to the Debian installer preseed file), post-install configuration (bootstrap) playbook, remote unlocking playbook and reinstall playbook.

  • 03 Jan 2024 DHCP, IP addresses, client IDs and an identity crisis

    Following on from my post on looking up DHCP client IP addresses with Ansible, I had intermittent problems with hosts changing IP, which I initially observed if the OS was uncleanly shutdown. The root cause (discussed below) is that the Debian installer, the DHCP client used by initramfs for dropbear and OS DHCP client are not all using the same client id. In the situation I first saw this, I suspected that on a clean shutdown the OS’s DHCP client issues a release on the IP so it is available (and with very low IP churn in my development environments it happened to be issued again when it came back up) however on an unclean shutdown there was still a valid lease to the OS’s client id resulting in dropbear getting a different IP but post-unlock the OS (using the same client-id as the unreleased lease) recovered the “old” IP lease. I confirmed this hypothesis with empirical testing. In this post, I discuss why this is happening and use Ansible to dynamically configure the DHCP server to workaround the problem.

  • 29 Dec 2023 Using Ansible to find IP addresses for DHCP clients

    This post follows on from automating Debian install, picking up doing the post-install configuration from the point of having a (generic) baseline OS installed. I am using Ansible to do the post-installation configuration but any other configuration management tool could be used and I have personally used SaltStack, Puppet and cfengine to implement this approach (simple, minimal OS install handing off to configuration management tool to do host-specific customisation post-install) with a variety of Linux distributions. Reasons I like this approach include that all host-specific configuration and data is in one location, creating clarity about whether a setting or configuration comes from the install script (e.g. kickstart/preseed) or configuration management tool (or both), and all customisations being applied by the configuration management tool means those remain correct (and corrected by the tool if they deviate) throughout the lifetime of the system.

  • 26 Sep 2023 Adding Solar VLAN

    We are getting solar panels installed and the system comes with an inverter that uses a WiFi module to connect to a cloud service. Having looked into published information online, I have concluded that the WiFi module is going nowhere near anything else on my network so I am creating a separate VLAN for it.

  • 22 Aug 2023 Automated Debian install

    This is another of those posts that I started and some time (measured in months) later I split up due to not having completed what I set out to do. My overall goal is to have a fully automated install that results in a system with disk encryption setup up but can be remotely unlocked and managed. The intention is that, in most circumstances, any of my systems could be reinstalled headlessly (that is, without plugging in a keyboard or monitor).

  • 11 Oct 2022 Targeted PXE booting

    Following on from my previous post on PXE booting Debian Installer with network-console (SSH access), I wanted to take this a stage further an fully automate deployments but in a very targeted way. My idea is that some hosts (e.g. Proxmox nodes) should reinstall and, ultimately, re-add themselves to the cluster automatically where as others should continue to just boot into the interactive Debian installer by default. Fortunately this is very easy to achieve with iPXE.

  • 04 Oct 2022 Debian network install preseed

    Back in 2020, I used the Debian installer’s pre-seed capability to automatically build KVM-based VMs. In my new lab network I have 10 systems that are headless, attached to managed PDUs (so can be remotely power cycled) but have no integrated console or KVM attached. Debian Installer has a network console feature, which allows remote installs over SSH. This post describes automating the setup of that so a network-booted host in the lab network will, by default, boot into the Debian Installer for the current stable distribution ready for me to remotely SSH in and complete the install.

  • 30 Sep 2022 New wireless setup

    This post describes setting up client-specific wireless network keys (private pre-shared keys or “PPSKs”) and per-client VLAN settings on a single wireless SSID, using FreeRADIUS to provide the key and vlan information.

  • 28 Sep 2022 APC PDUs and DHCP

    Just over 5 months since I bought them, and 2 months since my last blog post it appears, I have finally got around to configuring the APC AP7920 PDUs I reset in April.

  • 23 Feb 2022 Replacing Cisco Catalyst 2970 switch with 3560

    I originally deployed an old Cisco Catalyst 2970 switch in my new home lab environment however it was insufficient for my needs in a number of ways, such as no being able to act as NTP or DNS server and not supporting SSH for remote management. I also had a 3560, although the model I have has 48 ports (as opposed to the 24 on the 2970 I used) and is physically much longer (both being standard 1U 19” rack-mount height and width) which I why I initially tried the smaller, lower power, 2970.

  • 15 Feb 2022 Setting up Cisco Catalyst Switch for home-lab

    This post covers the first step in setting up my new home lab, configuring a Cisco switch for the new air-gapped environment which I will install Proxmox VE into later.

Home lab

M72e

Proxmox

Mirrors

Ceph

High availability

Chrony

Systemd timesyncd

Activation

  • 01 Mar 2022 Fighting with Windows Product Activation

    10 days after being installed, my “180 day evaluation” version of Windows Server 2019 has decided it is expired and will not activate. After trying unsuccessfully with both the telephone and their new web-based offline activation system (which you get the option to be text a time-limited link for through the phone system), I rang Microsoft’s support which resulted in being accused of pirating the software twice (according to them the entire “Microsoft Evaluation Center” section of Microsoft’s website does not exist) before being told that in order to use the 180 day trial I had to first buy a full licence (no, I cannot figure out how that is supposed to work either!).

Disaster recovery

  • 12 Mar 2023 Adding a bastion host - finishing monitoring migration to Ansible

    About a month and half after setting up a proper secrets store with HashiCorp Vault I am able to pick up, crossing off a number of roles migrated from SaltStack in the process. This is with no secrets stored in the code, unlike my Salt configuration which had secrets in the pillar data. With the infrastructure setup and linked to Ansible, I am able to continue with finishing this migration task.

  • 12 Feb 2023 Moving backup data off NAS

    Following on from my NAS disaster recovery post, I decided to fork out for some new hard disks and move the volume I backup to from the NAS to being internal to the server doing the backups. I had been considering this for performance reasons but as the NAS is also backed up, it would have aided recovery to not have to fetch the off-site backups. The flip-side of this option is that it means if the server fails I lose access to the backups - so either way I have a single point of failure.

  • 31 Jan 2023 ReadyNas disaster recovery

    Last night my ReadyNas suddenly went read-only with the ominous sounding log message Jan 30, 2023 16:54:47 Volume: The volume data encountered an error and was made read-only. It is recommended to backup your data. - it looks like it ran out of RAM which ultimately caused BTRFS corruption. Despite 3 hours of attempting to recover, I was unable to repair the underlying BTRFS filesystem, so decided the only option was to reset the NAS (which would recreate the filesystem) and execute the disaster recovery (DR) plan.

  • 29 Jul 2022 Backing up large static files

    In addition to my computer backups I have a large cache of static files on my NAS. Some of these files are very large, the files never change, are relatively rarely added to and are all retrievable from elsewhere (either by re-downloading from the internet or re-copying from a physical disk). Backing them up is more a convenience to avoid recreating the cache from scratch, rather than it being a catastrophe if they were lost, so I chose to create a single off-site copy on some external disks (3 of them, to accommodate all of the files at a sensible size/price point for the external drives) with rsync. This is rather than backing them up by adding more storage to the NAS to increase the size of the local backup volume to accommodate them, which would in turn necessitate buying larger off-site disks.

  • 08 May 2022 Restoring configuration management system from DR backup

    After restoring the router, the next step I needed to complete was to restore my configuration management server in order to start orchestrating the rest. On the live network this resides in a virtual machine on my HP Microserver. This means I need to restore the host and the VM to get this up and running.

  • 06 May 2022 Restoring the router from DR backup

    Following on from getting my DR “off-site” backup available to restore from, from scratch I restored the first machine from that backup, the router (to get DNS and DHCP up and running). After this, I can start deploying other bits.

  • 19 Apr 2022 Bootstrapping a new network

    As part of working on my new home lab I moved my old core switch, a TP-Link T1600G-28PS to replace the aged Cisco switches that I was using temporarily. Now I have the same make and generation of switch in the lab as my main network, I can start replicating my core network in the lab for testing and development. I am not sure I have ever bootstrapped a network (bearing in mind this lab is air-gapped) before - I have always started with some sort of router or other existing infrastructure (i.e. some form of DHCP server and DNS) I have migrated away from.

Bios

Power

Uefi

Updates

Ap7920

Console

Minicom

Pdu

Serial

Proxy

  • 15 Sep 2024 Adding a bastion host - setting up the bastion

    After finally breaking through the barrier of migrating sufficient of my SaltStack managed configuration to Ansible, I can build my first bastion host. My thinking has moved on slightly from my original design but, for now, I am going to try and focus this post on just building the bastion and leave discussing the network design for another post.

  • 27 Jun 2024 Accessing GitHub through a proxy

    When I clustered my HashiCorp Vault, I found that the cron-wrapper scrip that I have on GitHub would not download despite me adding it as a proxied URL to my proxy. This seemed to be due to the response exceeding the proxy buffer size.

  • 04 Apr 2024 Mirror proxy for limited access networks

    In my new network design, I crate a new VLAN that, for security, I did not want to provide a default route to, or routed access to anything outside my network. However the new VM hosts within still need to be able to get their packages and updates. So, I want to provide limited internet access via a very restrictive “whitelist” proxy with strict rules on what can be accessed (initially just deb.debian.org). I may even make this an authenticating proxy, in the future.

  • 11 Jul 2022 Getting PIP working behind an SSL-breaking proxy

    If you are behind a proxy that breaks SSL (basically it does a man-in-the-middle attack, hopefully with your consent, typically for deep inspection) you may need to tell pip to use the system certificate store (presuming that trusts the proxy’s certificate), rather than its embedded one, via the PIP_CERT environment variable.

  • 23 May 2022 Authenticated proxy configuration with bash

    Bash script which can be sourced to configure http_proxy, https_proxy and no_proxy environment variables (used by most internet-capable Linux applications) for a specific proxy. Prompts for domain (defaults to the local domain if machine is domain joined through realmd), username (defaults to local username) and password, although it then puts it into the environment variable so retrievable by anyone with access to the subsequent environment. As a superficial level of security, it exports an env bash function that wraps the usual command to redact the password.

Qr code

Blog

  • 31 May 2023 New blog posts landing - update

    I just published 33 new blog posts. Nothing more to say really, other then normal service will hopefully now resume. I have decided that I will adopt a new policy of dating posts when they are published, rather than when I start writing them…

  • 07 Apr 2023 New blog posts landing

    You may have noticed there appears to have been no posts since one on October 30th until one on 5th April. This is not because I have not written any, and a flurry (well, 8 including this one) of new posts have appeared in the last few days, beginning with that one on the 5th April. These are ones that I had “written” in my head but not yet committed to actual posts; the Bank Holiday in the UK, slight reprieve from day-job work in the evenings leading up to it, and my wife abandoning me to my own devices today has given me an opportunity to catch up. There also a further 28 posts in draft, which I have written over the last 6 months, that will hopefully land on the live blog soon. They have not yet been published because many of them link together, or cross-reference each other, in such a way that it will be difficult to publish individual ones until they are finished. Sorry about that.

  • 21 Mar 2023 Stripping metadata from photographs for publication

    In preparation for publishing my post about setting up a USB RAID box I wanted to strip the metadata (mainly GPS location) from the photos I took while setting it up, before publishing them publicly on this blog. Fortunately ImageMagick makes this easy.

  • 06 Jul 2022 Fixing automated blog deployment

    I noticed recently that my blog(not that you need a link, if you are reading it!) has stopped automatically updating when changes are merged into the main branch. On investigation I found that Gitea has stopped including the secret in the payload (which is very good, from a security point of view) and instead now hashes the payload along with the secret and puts that value in the X-Gitea-Signature header.

Faults

Debmirror

Gentoo

  • 22 Aug 2023 Automated Debian install

    This is another of those posts that I started and some time (measured in months) later I split up due to not having completed what I set out to do. My overall goal is to have a fully automated install that results in a system with disk encryption setup up but can be remotely unlocked and managed. The intention is that, in most circumstances, any of my systems could be reinstalled headlessly (that is, without plugging in a keyboard or monitor).

  • 16 Nov 2022 Adding mirrors to laptop (a.k.a. improving mirror sync 2.0)

    As I put a new, very large, SSD in my laptop I decided it would be convenient (for playing with virtual machines etc.) to have a sub-set of my mirrors on there. This post explains how I took my latest mirroring scripts and made it flex to do this.

  • 27 Oct 2022 Mirroring pip packages

    As I was trying to install a recent version of Ansible in my air-gapped home lab network I discovered that mirroring Python packages, e.g. from PyPi, is quite difficult despite pip’s download option. The --platform, --python-version, --implementation and --abi options are supposed to allow downloading for another platform but finding the right combination of options was tricky - in particular the cryptography package (which often causes me issues) would not download for Debian Bullseye on either Buster or macOS with any combinations I tried. In the end, I resorted to the approach I adopted for Gentoo, using a Docker container to download for the platform inside the container.

  • 22 Jul 2022 Installing Gentoo on Lenovo M72e Tiny PC

    It has been a very long time since I install Gentoo Linux on anything, so just noting in a blog post what I did. As always, the basic process is RTFM in the form of the Gentoo Handbook. In this post, I got as far as completing what I will call the “modern stage 1” (i.e. the process for rebuilding everything with an optimised toolchain, which used to be a “stage 1” install but became a “stage 3 with bootstrap.sh script” around 2010) but not configuring/building/installing the kernel and bootloader. Unfortunately I ran out of time to play with this and went back to Debian on the system, in order to get some other work done.

  • 06 Jul 2022 Improving mirror sync

    The number of things being mirrored since I initially setup my mirrors in the home-lab network has grown and the current bash script has become a bit cumbersome to maintain. This post describes the process of replacing the current script and then extending it to mirror more things, including Gentoo and Git repositories - something that took nearly 4 weeks (bearing in mind this is a hobby-project, fitting it in around work and home life). Strap in, this is going to be a long post….

Portage

  • 16 Nov 2022 Adding mirrors to laptop (a.k.a. improving mirror sync 2.0)

    As I put a new, very large, SSD in my laptop I decided it would be convenient (for playing with virtual machines etc.) to have a sub-set of my mirrors on there. This post explains how I took my latest mirroring scripts and made it flex to do this.

  • 22 Jul 2022 Installing Gentoo on Lenovo M72e Tiny PC

    It has been a very long time since I install Gentoo Linux on anything, so just noting in a blog post what I did. As always, the basic process is RTFM in the form of the Gentoo Handbook. In this post, I got as far as completing what I will call the “modern stage 1” (i.e. the process for rebuilding everything with an optimised toolchain, which used to be a “stage 1” install but became a “stage 3 with bootstrap.sh script” around 2010) but not configuring/building/installing the kernel and bootloader. Unfortunately I ran out of time to play with this and went back to Debian on the system, in order to get some other work done.

  • 06 Jul 2022 Improving mirror sync

    The number of things being mirrored since I initially setup my mirrors in the home-lab network has grown and the current bash script has become a bit cumbersome to maintain. This post describes the process of replacing the current script and then extending it to mirror more things, including Gentoo and Git repositories - something that took nearly 4 weeks (bearing in mind this is a hobby-project, fitting it in around work and home life). Strap in, this is going to be a long post….

Reposync

  • 16 Nov 2022 Adding mirrors to laptop (a.k.a. improving mirror sync 2.0)

    As I put a new, very large, SSD in my laptop I decided it would be convenient (for playing with virtual machines etc.) to have a sub-set of my mirrors on there. This post explains how I took my latest mirroring scripts and made it flex to do this.

  • 20 Oct 2022 iPXE remote image fetching

    I mentioned in my targeted PXE booting post that I might migrate from maintaining copies of the kernel and initial ramdisks on the tftp server to asking iPXE to fetch them directly. This has been brought to the fore after I updated the mirror in my home lab environment and the installer no longer starts due to not being able to load its kernel modules. When I fetched the image from the mirror and compared its checksum to the one in my configuration management system I saw it had changed.

  • 06 Jul 2022 Improving mirror sync

    The number of things being mirrored since I initially setup my mirrors in the home-lab network has grown and the current bash script has become a bit cumbersome to maintain. This post describes the process of replacing the current script and then extending it to mirror more things, including Gentoo and Git repositories - something that took nearly 4 weeks (bearing in mind this is a hobby-project, fitting it in around work and home life). Strap in, this is going to be a long post….

Rocky

Rpm

  • 06 Jul 2022 Improving mirror sync

    The number of things being mirrored since I initially setup my mirrors in the home-lab network has grown and the current bash script has become a bit cumbersome to maintain. This post describes the process of replacing the current script and then extending it to mirror more things, including Gentoo and Git repositories - something that took nearly 4 weeks (bearing in mind this is a hobby-project, fitting it in around work and home life). Strap in, this is going to be a long post….

Pip

Freeradius

  • 30 Sep 2022 New wireless setup

    This post describes setting up client-specific wireless network keys (private pre-shared keys or “PPSKs”) and per-client VLAN settings on a single wireless SSID, using FreeRADIUS to provide the key and vlan information.

Radius

  • 26 Sep 2023 Adding Solar VLAN

    We are getting solar panels installed and the system comes with an inverter that uses a WiFi module to connect to a cloud service. Having looked into published information online, I have concluded that the WiFi module is going nowhere near anything else on my network so I am creating a separate VLAN for it.

  • 30 Sep 2022 New wireless setup

    This post describes setting up client-specific wireless network keys (private pre-shared keys or “PPSKs”) and per-client VLAN settings on a single wireless SSID, using FreeRADIUS to provide the key and vlan information.

Ipxe

Isc dhcp server

  • 07 Apr 2024 Migrate DHCP server configuration from Salt to Ansible

    One of the big bits I have not yet migrated from SaltStack to Ansible is my router, including DHCP and DNS. The management subnet was not configured to allow PXE booting, so I decided this was the right opportunity to make a start on that migration to Ansible. I did this by expanding my existing DHCP role with additional tasks.

  • 04 Apr 2024 Mirror proxy for limited access networks

    In my new network design, I crate a new VLAN that, for security, I did not want to provide a default route to, or routed access to anything outside my network. However the new VM hosts within still need to be able to get their packages and updates. So, I want to provide limited internet access via a very restrictive “whitelist” proxy with strict rules on what can be accessed (initially just deb.debian.org). I may even make this an authenticating proxy, in the future.

  • 03 Jan 2024 DHCP, IP addresses, client IDs and an identity crisis

    Following on from my post on looking up DHCP client IP addresses with Ansible, I had intermittent problems with hosts changing IP, which I initially observed if the OS was uncleanly shutdown. The root cause (discussed below) is that the Debian installer, the DHCP client used by initramfs for dropbear and OS DHCP client are not all using the same client id. In the situation I first saw this, I suspected that on a clean shutdown the OS’s DHCP client issues a release on the IP so it is available (and with very low IP churn in my development environments it happened to be issued again when it came back up) however on an unclean shutdown there was still a valid lease to the OS’s client id resulting in dropbear getting a different IP but post-unlock the OS (using the same client-id as the unreleased lease) recovered the “old” IP lease. I confirmed this hypothesis with empirical testing. In this post, I discuss why this is happening and use Ansible to dynamically configure the DHCP server to workaround the problem.

  • 29 Dec 2023 Using Ansible to find IP addresses for DHCP clients

    This post follows on from automating Debian install, picking up doing the post-install configuration from the point of having a (generic) baseline OS installed. I am using Ansible to do the post-installation configuration but any other configuration management tool could be used and I have personally used SaltStack, Puppet and cfengine to implement this approach (simple, minimal OS install handing off to configuration management tool to do host-specific customisation post-install) with a variety of Linux distributions. Reasons I like this approach include that all host-specific configuration and data is in one location, creating clarity about whether a setting or configuration comes from the install script (e.g. kickstart/preseed) or configuration management tool (or both), and all customisations being applied by the configuration management tool means those remain correct (and corrected by the tool if they deviate) throughout the lifetime of the system.

  • 22 Aug 2023 Automated Debian install

    This is another of those posts that I started and some time (measured in months) later I split up due to not having completed what I set out to do. My overall goal is to have a fully automated install that results in a system with disk encryption setup up but can be remotely unlocked and managed. The intention is that, in most circumstances, any of my systems could be reinstalled headlessly (that is, without plugging in a keyboard or monitor).

  • 11 Oct 2022 Targeted PXE booting

    Following on from my previous post on PXE booting Debian Installer with network-console (SSH access), I wanted to take this a stage further an fully automate deployments but in a very targeted way. My idea is that some hosts (e.g. Proxmox nodes) should reinstall and, ultimately, re-add themselves to the cluster automatically where as others should continue to just boot into the interactive Debian installer by default. Fortunately this is very easy to achieve with iPXE.

  • 04 Oct 2022 Debian network install preseed

    Back in 2020, I used the Debian installer’s pre-seed capability to automatically build KVM-based VMs. In my new lab network I have 10 systems that are headless, attached to managed PDUs (so can be remotely power cycled) but have no integrated console or KVM attached. Debian Installer has a network console feature, which allows remote installs over SSH. This post describes automating the setup of that so a network-booted host in the lab network will, by default, boot into the Debian Installer for the current stable distribution ready for me to remotely SSH in and complete the install.

Pxe

Virtualbox

  • 22 Aug 2023 Automated Debian install

    This is another of those posts that I started and some time (measured in months) later I split up due to not having completed what I set out to do. My overall goal is to have a fully automated install that results in a system with disk encryption setup up but can be remotely unlocked and managed. The intention is that, in most circumstances, any of my systems could be reinstalled headlessly (that is, without plugging in a keyboard or monitor).

  • 11 Oct 2022 Targeted PXE booting

    Following on from my previous post on PXE booting Debian Installer with network-console (SSH access), I wanted to take this a stage further an fully automate deployments but in a very targeted way. My idea is that some hosts (e.g. Proxmox nodes) should reinstall and, ultimately, re-add themselves to the cluster automatically where as others should continue to just boot into the interactive Debian installer by default. Fortunately this is very easy to achieve with iPXE.

Find

Fail2ban

Dban

Audio

Cover art

Flac

Gimp

Images

Imagemagick

Jpeg

Nw a45

Sony

Tagging

Macos

Pypi

  • 27 Oct 2022 Mirroring pip packages

    As I was trying to install a recent version of Ansible in my air-gapped home lab network I discovered that mirroring Python packages, e.g. from PyPi, is quite difficult despite pip’s download option. The --platform, --python-version, --implementation and --abi options are supposed to allow downloading for another platform but finding the right combination of options was tricky - in particular the cryptography package (which often causes me issues) would not download for Debian Bullseye on either Buster or macOS with any combinations I tried. In the end, I resorted to the approach I adopted for Gentoo, using a Docker container to download for the platform inside the container.

Abcde

Cd ripping

Cddb

Music

2fa

  • 04 Aug 2024 Adding a bastion host - migrating additional roles to ansible

    Having thought I had finished migrating my monitoring server configuration to Ansible, however when I came to start the next step of setting up the bastion I noticed I had neglected to consider the existing 2 factor configuration. Which is rather shocking considering Ansible not playing nicely with it is the motivation for this work…

  • 30 Oct 2022 Ansibleising iPXE configuration

    This post ws going to be about migrating my iPXE configuration from being managed by SaltStack to Ansible. It was supposed to be the start of migrating all of my configuration management over to simplify bare-metal DR and managing test/development infrastructure without first deploying a master, or control, server. Starting with iPXE is motivated by needing to update the configuration following my lab experiment, moving it from duplicating the kernel and initial ramdisks on the tftp server to fetching them directly from a mirror. However, things turned out not to be so simple and I ended up restructuring the network and migrating some other configurations before getting back to iPXE.

Authenticator

  • 30 Oct 2022 Ansibleising iPXE configuration

    This post ws going to be about migrating my iPXE configuration from being managed by SaltStack to Ansible. It was supposed to be the start of migrating all of my configuration management over to simplify bare-metal DR and managing test/development infrastructure without first deploying a master, or control, server. Starting with iPXE is motivated by needing to update the configuration following my lab experiment, moving it from duplicating the kernel and initial ramdisks on the tftp server to fetching them directly from a mirror. However, things turned out not to be so simple and I ended up restructuring the network and migrating some other configurations before getting back to iPXE.

Bastion

Caring

Dia

Efi

Firewalld

Grub

Intel rst

Keepass

Logitech

Tpm

Windows 10

Windows 11

Awesomewm

Desktop

Lua

Timezone

Dictionary

  • 14 Nov 2022 Following chains of symlinks

    Sometimes one stumbles across a command that they probably should have known about for a while. Today, for me, that command is namei ‘follow a pathname until a terminal point is found’. As it says, one of the really nice things it can do is resolve chains of symlinks showing each link in the chain.

Symlinks

  • 14 Nov 2022 Following chains of symlinks

    Sometimes one stumbles across a command that they probably should have known about for a while. Today, for me, that command is namei ‘follow a pathname until a terminal point is found’. As it says, one of the really nice things it can do is resolve chains of symlinks showing each link in the chain.

Wordlist

  • 14 Nov 2022 Following chains of symlinks

    Sometimes one stumbles across a command that they probably should have known about for a while. Today, for me, that command is namei ‘follow a pathname until a terminal point is found’. As it says, one of the really nice things it can do is resolve chains of symlinks showing each link in the chain.

Gitlab

Arm

Hashicorp

Jinja

Vault

Amavis

Databases

Postgresql

Uwsgi

Apt mirror

Cron

Hcl

Json

Rfc8555

Tcpdump

Yaml

Chocolatey

Intel nuc

Microsoft office

Oki mc363 dn

Registry

Btrfs

  • 31 Jan 2023 ReadyNas disaster recovery

    Last night my ReadyNas suddenly went read-only with the ominous sounding log message Jan 30, 2023 16:54:47 Volume: The volume data encountered an error and was made read-only. It is recommended to backup your data. - it looks like it ran out of RAM which ultimately caused BTRFS corruption. Despite 3 hours of attempting to recover, I was unable to repair the underlying BTRFS filesystem, so decided the only option was to reset the NAS (which would recreate the filesystem) and execute the disaster recovery (DR) plan.

Lvm

  • 12 Jan 2024 Orchestrating Debian install and automated post-install configuration with Ansible

    In the exciting* conclusion of the process of using Ansible to find dynamic client IPs and solving the PXE/iPXE/Debian installer/dropbear/OS identity crisis, I use this work to automate the post-install configuration of systems installed using my generic Debian install preseed. In this post I will be going through the install Ansible playbook (including some tweaks to the Debian installer preseed file), post-install configuration (bootstrap) playbook, remote unlocking playbook and reinstall playbook.

  • 22 Aug 2023 Automated Debian install

    This is another of those posts that I started and some time (measured in months) later I split up due to not having completed what I set out to do. My overall goal is to have a fully automated install that results in a system with disk encryption setup up but can be remotely unlocked and managed. The intention is that, in most circumstances, any of my systems could be reinstalled headlessly (that is, without plugging in a keyboard or monitor).

  • 12 Feb 2023 Moving backup data off NAS

    Following on from my NAS disaster recovery post, I decided to fork out for some new hard disks and move the volume I backup to from the NAS to being internal to the server doing the backups. I had been considering this for performance reasons but as the NAS is also backed up, it would have aided recovery to not have to fetch the off-site backups. The flip-side of this option is that it means if the server fails I lose access to the backups - so either way I have a single point of failure.

  • 31 Jan 2023 ReadyNas disaster recovery

    Last night my ReadyNas suddenly went read-only with the ominous sounding log message Jan 30, 2023 16:54:47 Volume: The volume data encountered an error and was made read-only. It is recommended to backup your data. - it looks like it ran out of RAM which ultimately caused BTRFS corruption. Despite 3 hours of attempting to recover, I was unable to repair the underlying BTRFS filesystem, so decided the only option was to reset the NAS (which would recreate the filesystem) and execute the disaster recovery (DR) plan.

Raid

  • 12 Feb 2023 Moving backup data off NAS

    Following on from my NAS disaster recovery post, I decided to fork out for some new hard disks and move the volume I backup to from the NAS to being internal to the server doing the backups. I had been considering this for performance reasons but as the NAS is also backed up, it would have aided recovery to not have to fetch the off-site backups. The flip-side of this option is that it means if the server fails I lose access to the backups - so either way I have a single point of failure.

Apache

Icingaweb

Lighttpd

Php

Php fpm

Accessibility

Dog friendly

Dogs

Eating out

Food

Pub

Restaurant

Review

Privacy

Software

Hp elitedesk 800 g2

Xrandr

  • 28 Mar 2023 Add missing mode to xrandr

    I tried to resize my display and discovered the mode I wanted was not available. Interestingly, the current mode was also not listed but that is a separate issue. Adding a new mode is not as straight-forward as I had hoped, so it is worth making a note (this post) of how to do it.

Social media

Twitter

Firmware

Hyper v

Zenity

  • 06 Apr 2023 Graphical progress feedback for Red Hat and Rocky kickstart post-scripts

    This post is about something I created and am genuine quite proud of. It creates a graphical progress bar to feedback on the progress of the %post section(s) in a kickstart installation script. I have used it with Red Hat and Rocky Linux distributions. It is an alternative to forcing a text install just to be able to programmatically chvt to the log in order to display custom script progress. It might seem simple but it took a lot of work and testing to get to a reliable solution.

Secure boot

  • 07 Apr 2023 Hyper-V and Linux (secure boot fail)

    I discovered, when I attempted to create my first Linux VM, Hyper-V not only has secure boot enabled (which is a good thing), it is set to only allow Microsoft Windows to boot (which is nasty). To restore standard secure boot behaviour, which permits any binary signed by the Microsoft UEFI CA to boot, the “Template” must be changed to Microsoft UEFI Certificate Authority (from the default Microsoft Windows). Once this is done, suitably signed (by Microsoft’s chain of trust) bootloaders will start.

Lsb

Podman

Scientific linux

Nagios

  • 16 Apr 2023 Linux healthcheck script

    On my systems at home I use Icinga2 to monitor health, adding new checks as and when I identify something I think needs checking or if a failure occurs that was not detected. Sometimes it is necessary to do some checks via other means, such as SLURM’s healthcheck program so it can be useful to have checks in script form. On previous systems, we have used the Nagios plugins that Icinga uses to minimise the maintenance overhead of have duplicated tests. The script will be written in bash and minimise dependencies on non-Coreutils files to try and keep it portable to different distributions.

Draytek

Fttc

Vdsl

Vigor 130

Ncsc

System administration

Bind

Chef

  • 22 Aug 2023 Automated Debian install

    This is another of those posts that I started and some time (measured in months) later I split up due to not having completed what I set out to do. My overall goal is to have a fully automated install that results in a system with disk encryption setup up but can be remotely unlocked and managed. The intention is that, in most circumstances, any of my systems could be reinstalled headlessly (that is, without plugging in a keyboard or monitor).

Kubernetes

Online courses

Suse

Training

Internet of things

  • 17 Oct 2023 Solar inverter wireless dongle install

    We had out new solar panels installed today, They were supplied by a company by Glow Green, although the install itself was handled by a subcontractor. I would recommend them, the experience I had was very smooth. I previously setup the network for the inverter’s data logging module but inevitably there were a few issues which this post is about.

  • 26 Sep 2023 Adding Solar VLAN

    We are getting solar panels installed and the system comes with an inverter that uses a WiFi module to connect to a cloud service. Having looked into published information online, I have concluded that the WiFi module is going nowhere near anything else on my network so I am creating a separate VLAN for it.

Solar

  • 17 Oct 2023 Solar inverter wireless dongle install

    We had out new solar panels installed today, They were supplied by a company by Glow Green, although the install itself was handled by a subcontractor. I would recommend them, the experience I had was very smooth. I previously setup the network for the inverter’s data logging module but inevitably there were a few issues which this post is about.

  • 26 Sep 2023 Adding Solar VLAN

    We are getting solar panels installed and the system comes with an inverter that uses a WiFi module to connect to a cloud service. Having looked into published information online, I have concluded that the WiFi module is going nowhere near anything else on my network so I am creating a separate VLAN for it.

Solis

  • 17 Oct 2023 Solar inverter wireless dongle install

    We had out new solar panels installed today, They were supplied by a company by Glow Green, although the install itself was handled by a subcontractor. I would recommend them, the experience I had was very smooth. I previously setup the network for the inverter’s data logging module but inevitably there were a few issues which this post is about.

  • 26 Sep 2023 Adding Solar VLAN

    We are getting solar panels installed and the system comes with an inverter that uses a WiFi module to connect to a cloud service. Having looked into published information online, I have concluded that the WiFi module is going nowhere near anything else on my network so I am creating a separate VLAN for it.

Hp elitedesk 800 g4

Glow green

Cis benchmark

  • 24 Oct 2023 Running CIS Benchmark Assessor on servers with Ansible

    I have recently been using the CIS Benchmark Assessor tool to validate the compliance of systems with the CIS Benchmarks. What I am looking at is ensuring compliance doesn’t get worse - 100% compliance would render the systems unusable so a balance is required. As a first step to automating compliance monitoring, I have automated the running of the tool and gathering reports using Ansible.

Cfengine

  • 29 Dec 2023 Using Ansible to find IP addresses for DHCP clients

    This post follows on from automating Debian install, picking up doing the post-install configuration from the point of having a (generic) baseline OS installed. I am using Ansible to do the post-installation configuration but any other configuration management tool could be used and I have personally used SaltStack, Puppet and cfengine to implement this approach (simple, minimal OS install handing off to configuration management tool to do host-specific customisation post-install) with a variety of Linux distributions. Reasons I like this approach include that all host-specific configuration and data is in one location, creating clarity about whether a setting or configuration comes from the install script (e.g. kickstart/preseed) or configuration management tool (or both), and all customisations being applied by the configuration management tool means those remain correct (and corrected by the tool if they deviate) throughout the lifetime of the system.

Networking

Dropbear

Initramfs

  • 03 Jan 2024 DHCP, IP addresses, client IDs and an identity crisis

    Following on from my post on looking up DHCP client IP addresses with Ansible, I had intermittent problems with hosts changing IP, which I initially observed if the OS was uncleanly shutdown. The root cause (discussed below) is that the Debian installer, the DHCP client used by initramfs for dropbear and OS DHCP client are not all using the same client id. In the situation I first saw this, I suspected that on a clean shutdown the OS’s DHCP client issues a release on the IP so it is available (and with very low IP churn in my development environments it happened to be issued again when it came back up) however on an unclean shutdown there was still a valid lease to the OS’s client id resulting in dropbear getting a different IP but post-unlock the OS (using the same client-id as the unreleased lease) recovered the “old” IP lease. I confirmed this hypothesis with empirical testing. In this post, I discuss why this is happening and use Ansible to dynamically configure the DHCP server to workaround the problem.

Rfc2131

Standards compliance

  • 03 Jan 2024 DHCP, IP addresses, client IDs and an identity crisis

    Following on from my post on looking up DHCP client IP addresses with Ansible, I had intermittent problems with hosts changing IP, which I initially observed if the OS was uncleanly shutdown. The root cause (discussed below) is that the Debian installer, the DHCP client used by initramfs for dropbear and OS DHCP client are not all using the same client id. In the situation I first saw this, I suspected that on a clean shutdown the OS’s DHCP client issues a release on the IP so it is available (and with very low IP churn in my development environments it happened to be issued again when it came back up) however on an unclean shutdown there was still a valid lease to the OS’s client id resulting in dropbear getting a different IP but post-unlock the OS (using the same client-id as the unreleased lease) recovered the “old” IP lease. I confirmed this hypothesis with empirical testing. In this post, I discuss why this is happening and use Ansible to dynamically configure the DHCP server to workaround the problem.

Pam

  • 13 Jan 2024 Disabling and re-renabling TOTP for sudo with Ansible

    I previously described how I configured TOTP using Google’s PAM module as a second factor for sudo. As I have been working with Ansible, which can use sudo throughout the execution of a playbook taking longer than the TOTP is valid for this can be a problem. While I am still developing my new setup, I have found it necessary to disable and re-enable the TOTP (falling back to the default of using the user account password for sudo), and have made two short playbooks that remove and re-add the configuration described in my previous post from 2019.

Dt92e

  • 13 Jan 2024 Binding Honeywell DT92E wireless thermostat to EvoHome controller

    Since January 2018 we have had a Honeywell EvoHome heating system which includes HR92 smart radiator valves. These valves control the water flow to the radiators and sense the room temperature, turning each room into its own heating zone. In two rooms this has been less than satisfactory - one has two radiators (its not clear how the system reconciles this but the net effect is that it is often too cold) and the other has a radiator largely concealed behind a unit. As someone put it online, the HR92 valves are “very good at sensing the temperature next to a hot radiator”. To improve this, I have added two DT92E wireless thermostats in the rooms where we were not happy with the temperature.

Evohome

  • 13 Jan 2024 Binding Honeywell DT92E wireless thermostat to EvoHome controller

    Since January 2018 we have had a Honeywell EvoHome heating system which includes HR92 smart radiator valves. These valves control the water flow to the radiators and sense the room temperature, turning each room into its own heating zone. In two rooms this has been less than satisfactory - one has two radiators (its not clear how the system reconciles this but the net effect is that it is often too cold) and the other has a radiator largely concealed behind a unit. As someone put it online, the HR92 valves are “very good at sensing the temperature next to a hot radiator”. To improve this, I have added two DT92E wireless thermostats in the rooms where we were not happy with the temperature.

Hr92

  • 13 Jan 2024 Binding Honeywell DT92E wireless thermostat to EvoHome controller

    Since January 2018 we have had a Honeywell EvoHome heating system which includes HR92 smart radiator valves. These valves control the water flow to the radiators and sense the room temperature, turning each room into its own heating zone. In two rooms this has been less than satisfactory - one has two radiators (its not clear how the system reconciles this but the net effect is that it is often too cold) and the other has a radiator largely concealed behind a unit. As someone put it online, the HR92 valves are “very good at sensing the temperature next to a hot radiator”. To improve this, I have added two DT92E wireless thermostats in the rooms where we were not happy with the temperature.

Honeywell

  • 13 Jan 2024 Binding Honeywell DT92E wireless thermostat to EvoHome controller

    Since January 2018 we have had a Honeywell EvoHome heating system which includes HR92 smart radiator valves. These valves control the water flow to the radiators and sense the room temperature, turning each room into its own heating zone. In two rooms this has been less than satisfactory - one has two radiators (its not clear how the system reconciles this but the net effect is that it is often too cold) and the other has a radiator largely concealed behind a unit. As someone put it online, the HR92 valves are “very good at sensing the temperature next to a hot radiator”. To improve this, I have added two DT92E wireless thermostats in the rooms where we were not happy with the temperature.

Rants

  • 13 Jan 2024 Binding Honeywell DT92E wireless thermostat to EvoHome controller

    Since January 2018 we have had a Honeywell EvoHome heating system which includes HR92 smart radiator valves. These valves control the water flow to the radiators and sense the room temperature, turning each room into its own heating zone. In two rooms this has been less than satisfactory - one has two radiators (its not clear how the system reconciles this but the net effect is that it is often too cold) and the other has a radiator largely concealed behind a unit. As someone put it online, the HR92 valves are “very good at sensing the temperature next to a hot radiator”. To improve this, I have added two DT92E wireless thermostats in the rooms where we were not happy with the temperature.

Youtube

  • 13 Jan 2024 Binding Honeywell DT92E wireless thermostat to EvoHome controller

    Since January 2018 we have had a Honeywell EvoHome heating system which includes HR92 smart radiator valves. These valves control the water flow to the radiators and sense the room temperature, turning each room into its own heating zone. In two rooms this has been less than satisfactory - one has two radiators (its not clear how the system reconciles this but the net effect is that it is often too cold) and the other has a radiator largely concealed behind a unit. As someone put it online, the HR92 valves are “very good at sensing the temperature next to a hot radiator”. To improve this, I have added two DT92E wireless thermostats in the rooms where we were not happy with the temperature.

Dnssec

  • 04 Apr 2024 Mirror proxy for limited access networks

    In my new network design, I crate a new VLAN that, for security, I did not want to provide a default route to, or routed access to anything outside my network. However the new VM hosts within still need to be able to get their packages and updates. So, I want to provide limited internet access via a very restrictive “whitelist” proxy with strict rules on what can be accessed (initially just deb.debian.org). I may even make this an authenticating proxy, in the future.

Privoxy

  • 04 Apr 2024 Mirror proxy for limited access networks

    In my new network design, I crate a new VLAN that, for security, I did not want to provide a default route to, or routed access to anything outside my network. However the new VM hosts within still need to be able to get their packages and updates. So, I want to provide limited internet access via a very restrictive “whitelist” proxy with strict rules on what can be accessed (initially just deb.debian.org). I may even make this an authenticating proxy, in the future.

Squid

  • 04 Apr 2024 Mirror proxy for limited access networks

    In my new network design, I crate a new VLAN that, for security, I did not want to provide a default route to, or routed access to anything outside my network. However the new VM hosts within still need to be able to get their packages and updates. So, I want to provide limited internet access via a very restrictive “whitelist” proxy with strict rules on what can be accessed (initially just deb.debian.org). I may even make this an authenticating proxy, in the future.

Kea

Hosts

Nftables

Cephfs

  • 21 May 2024 CephFS on Proxmox Virtual Environment

    One of the things I did not setup in my new ProxmoxVE cluster was CephFS. To start with, I PXE booted my VMs into an installer but I wanted to experiment with trying to get Grub to chainload another distribution’s shim to load their kernel (spoiler alert: without success). The easiest way I thought to play with this was to boot from a Fedora install CD, whose Grub has tftp and http support, and try to chainload a Debian installer. In order to quickly do this, I wanted to attach an ISO to a new VM (as Fedora isn’t available via my PXE server and I thought this would be convenient for the future) which required setting up CephFS to store the ISO.

Fedora

  • 21 May 2024 CephFS on Proxmox Virtual Environment

    One of the things I did not setup in my new ProxmoxVE cluster was CephFS. To start with, I PXE booted my VMs into an installer but I wanted to experiment with trying to get Grub to chainload another distribution’s shim to load their kernel (spoiler alert: without success). The easiest way I thought to play with this was to boot from a Fedora install CD, whose Grub has tftp and http support, and try to chainload a Debian installer. In order to quickly do this, I wanted to attach an ISO to a new VM (as Fedora isn’t available via my PXE server and I thought this would be convenient for the future) which required setting up CephFS to store the ISO.

Cifs

Dot files

Ansible galaxy

Gpl

Revision control

Bsd

Jump host

Openbsd

Adhd

Disability

Health

Neurodiversity

Neurotypical

Ocd

Ptsd

School

Dates

  • 04 Oct 2024 Negative times in Excel

    For reasons I won’t go into, I use an Excel spreadsheet to track my time at work and transcribe it once a week to our hours recording system. Recently I modified it to include how many hours I had left allocated for this week to each project I was resourced to work on. When I “spent” more hours than allocated, this turned into a series of hash (#) marks - fortunately there was a simple way to have it display negative times instead.

Adhd australia

Adhd uk

Icinga2

  • 03 May 2025 Excluding path from disk checks in Icinga2

    One of my hosts had been showing DISK CRITICAL - /var/lib/containers/storage/overlay is not accessible: Permission denied for some time. As I don’t think I need this path monitored, I decided to exclude it from the check - this post described how (and how I worked out how).