Administering computer systems, automating admin and deployment, and reproducible ops and DevOps
This article details using the XCA GUI for creating private SSL certificates for enabling end-to-end SSL on non-public servers.
Keeping your DNS queries from your local network to public DNS servers private in transit by using DNS over TLS on a Raspberry Pi is ridiculously easy.
Most blog entries on SystemD timers give trivial samples. This article takes a different approach and provides the full details of two examples of using SystemD timers that are in active use on my systems.
For PowerShell on Windows, adding a security privilege to a user takes more effort than one would expect. Here we show a method with no third party dependencies.
The official Ubuntu images that are built for Azure/Hyper-V really are only compatible with Hyper-V on Azure, but there is a solution…
These are some personal notes about setting up a very nice combined Windows and Linux productivity and development environment.
These are notes on creating a Windows and Linux hybrid environment, specifically when running Windows in a Libvirt/KVM VM.
These are notes on creating a Windows and Linux hybrid environment, specifically when running Windows on a physical machine.
Obtaining and/or creating Windows install media for Windows 10 Pro
A quick guide to a base install of Windows, for completeness.
Some recommended first steps after a base install of Windows 10.
Windows post-install extra tweaks and recommendations
A guide to some of your options for your target install ‘type’ when using Alpine Linux
This configuration is like diskless mode except that home, parts of /var, and others are mounted for persistence. Also, like a data install with only parts of /var made persistent.
Use the setup-* scripts to set up networking for bootstrap package installation on Alpine Linux
You need to add the tools that will let you format/create one or more additional volumes/filesystems of your choice.
For a semi-{data,diskless} setup you need to modify the standard ‘setup-alpine’ procedure. Here we provide the details.
Once you are sure everything is correct for the initial boot into your configured system, commit (store) your changes.
Easily create an encrypted LVM ‘sys’ (aka ‘classic’) install using Alpine Linux 3.16.0
Cryptographically verify your Alpine Linux download
Various methods of partitioning storage media on the Linux command line (CLI)
Obtain the right Alpine Linux image for your Raspberry Pi model
Prepare the Alpine Linux bootstrap SD card for your Raspberry Pi using Gnome ‘Disks’
Copy the needed files to your SD card, from the Raspberry Pi tarball for Alpine Linux
Some systems might take an excessively long time to boot when no peripherals are attached (not only with the Pi series). In those cases it may be useful to add the rng-tools package to speed up the gathering of entropy.
It is an administrative best practice to avoid logging in and/or operating with elevated privileges, to the extent reasonable to do so. Therefore one needs a user that is not root for performing most operations.
Disallowing SSH login with only a username and password is a well-known security best practice, therefore we implement it.
Where possible it is a best practice to safely check your filesystems before mounting them. Here we add the needed packages.
Unless you need headless, or unattended reboots or power up, it is highly recommended to use an encrypted configuration backup.
Information on setting kernel parameters for Alpine Linux
Tweaks to Alpine Linux for specific hardware including packages and kernel parameters
You should back up your system. Really. Oh, and it should be to at least one other system.
Add colour and context information to the ash prompt.
Tmux is a handy tool that gives the ability to have multiple (text) windows in a single terminal session, as well as persisting your session in case of disconnect.
The default MOTD is potentially confusing, and is annoying in any event, once you have set up your system.
Whether you want old school ARM (32-bit) or a shiny new UEFI ARM (32-bit) virtual machine in Libvirt/KVM, and automated or ‘manual’ creation, there is a way to get what you want. This post introduces the four ARMs and will point to the four posts as they are added.
Create a non-EFI (old school) ARM hardfloat virtual machine for Libvirt/KVM using a traditional interactive Debian install.
Create a UEFI (newish) ARM hardfloat (32-bit) virtual machine for Libvirt/KVM using a traditional interactive Debian install.
Create a non-EFI (old school) ARM hardfloat virtual machine for Libvirt/KVM using Packer to automate a repeatable process.
Create a UEFI (newish) ARM hardfloat (32-bit) virtual machine for Libvirt/KVM using an automated image build with Packer.
On using a Debian ‘cloud’ image and cloud-init on a ‘bare-metal’ host for fast deployment.
It can be especially useful to use network booting to create virtual machines without using install media on the VM. To do that we netboot with iPXE.
While the LBU mechanism with backups allows restoring to a previous state, it lacks commented history. It also does not apply to ‘sys’ mode installs.
For many systems you should have plenty of available RAM and storage to add the online documentation (mostly in the form of man pages).
For many users vi (the default editor for Alpine) is difficult and confusing to use.
Tracking configuration changes in etckeeper is great, but even better is storing them in an off-system private repository.
Using rest-server as repository for restic-based backups, on Alpine Linux
When using Docker to containerize internal services like Samba, LLMNR, or mDNS (a.k.a. Bonjour), one may find that the standard Docker model of using specific unicast port forwards is insufficient.
Setting up an email relay that aliases addresses in various domains to a specific offsite user doesn’t have to mean backscatter. Here is one solution.
At some point you may need to upsize your PostgreSQL server, particularly if you have implemented one on an old Raspberry Pi.
You may realize that you really wish you could start the Nextcloud instance from scratch without the hassle of a reinstall.
Setting up your own local Nextcloud can be useful for a number of reasons.
This article describes setting up a Raspberry Pi Model B+ as a private Gitea (lightweight Git hosting) server.
Raspberry Pi Model B+ as a PostgreSQL server with external storage.
Linux LVM thin pools and volumes initially seem to be a great way to maximize the use of hard drive space by using only the space that is actually allocated to files. There is a major fly in the ointment though. Thin pools cannot be reduced in size.
You may find yourself in need of a ‘bare metal’ server. If the workload is not too demanding, a Raspberry Pi can be a good choice.
For small deployments the Raspberry Pi is for servers.