Administering computer systems, automating admin and deployment, and reproducible ops and DevOps
On using a Debian ‘cloud’ image and cloud-init on a ‘bare-metal’ host for fast deployment.
On using Packer to create the base images Daniel uses for personal ‘cloud’ infrastructure.
Whether you want old school ARM (32-bit) or a shiny new UEFI ARM (32-bit) virtual machine in Libvirt/KVM, and automated or ‘manual’ creation, there is a way to get what you want. This post introduces the four ARMs and will point to the four posts as they are added.
Create a non-EFI (old school) ARM hardfloat virtual machine for Libvirt/KVM using a traditional interactive Debian install.
Create an UEFI (newish) ARM hardfloat (32-bit) virtual machine for Libvirt/KVM using a traditional interactive Debian install.
Create a non-EFI (old school) ARM hardfloat virtual machine for Libvirt/KVM using packer to automate a repeatable process.
Create an UEFI (newish) ARM hardfloat (32-bit) virtual machine for Libvirt/KVM using automated image build using Packer.
This article details using the XCA GUI for creating private SSL certificates for enabling end-to-end SSL on non-public servers.
Keeping your DNS queries from your local network to public DNS servers private in transit by using DNS over TLS on a Raspberry Pi is ridiculously easy.
Most blog entries on SystemD timers give trivial samples. This article takes a different approach and provides the full details of two examples of using SystemD timers that are in active use on my systems.
Linux network monitoring presentation using munin and nagios circa 2006
These are some personal notes about setting up a very nice combined Windows and Linux productivity and development environment.
These are notes on creating a Windows and Linux hybrid environment, specifically when running Windows in a Libvirt/KVM VM.
These are notes on creating a Windows and Linux hybrid environment, specifically when running Windows on a physical machine
Obtaining and/or creating Windows install media for Windows 10 Pro
A quick guide to a base install of windows, for completeness.
Some recommended first steps after a base install of Windows 10.
Windows post-install extra tweaks and recommendations
Generating OVH API tokens for use with Terraform and other applications.
Since OpenStackSDK should theoretically make life easier for doing Infrastructure via Code, this is approach which which this learning effort has begun.
We start with a separate script that only generates userdata (no instance creation).
Further improvements to an OpenStackSDK-based ‘bare bones’ instance deployment
Adding security groups to an OpenStackSDK-based instance deployment
The final stage of the ‘bare bones’ OpenStackSDK deployment
Adding more a complete template to an OpenSDK-based templated instance deployment
This page was intended to complete the OpenStack SDK with templated userdata portion of this Infrastructure via Code set
A guide to some of your options for your target install ’type’ when using Alpine Linux
This configuration is like diskless mode except that home, parts of /var, and others are mounted for persistence. Also, like a data install with only parts of /var made persistent.
home
/var
Use the setup-* scripts to setup networking for bootstrap package installation on Alpine Linux
You need to add the tools that will let you format/create one or more additional volumes/filesystems of your choice.
For a semi-{data,diskless} setup you need to modify the standard ‘setup-alpine’ procedure. Here we provide the details.
Once you are sure everything is correct for the initial boot into your configured system, commit (store) your changes.
Easily create an encrypted LVM ‘sys’ (aka ‘classic’) install using Alpine Linux 3.16.0
Cryptographically verify your Alpine Linux download
Various methods of partitioning storage media on the Linux command line (CLI)
Obtain the right Alpine Linux image for your Raspberry Pi model
Prepare the Alpine Linux bootstrap SD card for your Raspberry Pi using Gnome ‘Disks’
Copy the needed files to your SD card, from the Raspbery Pi tarball for Alpine Linux
Some systems might take an excessively long time to boot when no peripherals are attached (not only with the Pi series). In those cases it may be useful to add the rng-tools package to speed up the gathering of entropy.
It is an administrative best practise to avoid logging in and/or operating with elevated privileges, to the extent reasonable to do so. Therefore one needs a user that is not root for performing most operations.
Disallowing SSH login with only a username and password is a well known security best practise, therefore we implement it.
Where possible it is a best practise to safely check your filesystems before mounting them. Here we add the needed packages.
Unless you need headless, or unattended reboots or power up, it is highly recommended to use an encrypted configuration backup.
Information on setting kernel parameters for Alpine Linux
Tweaks to Alpine Linux for specific hardware including packages and kernel parameters
You should backup your system. Really. Oh, and it should be to at least one other system.
Add colour and context information to the ash prompt.
Tmux is a handy tool that gives the ability to have multiple (text) windows in a single terminal session, as well as persisting your session in case of disconnect.
The default MOTD is potentially confusing, and is annoying in any event, once you have set up your system.
Both this site’s homes have been moved to different hosting. That is both the code and web hosting have changed. OVH is the new CDN and web host and GitHub stores the source code.
A recent storm in which lightning struck rather close to my residence, and fried various bits of networking equipment, caused a whole different type of migratory nerding.
It can be especially useful to use network booting to create virtual machines without using install media on the VM. To do that we netboot with iPXE.
While the LBU mechanism with backups allows restoring to previous state it lacks commented history. It also does not apply to ‘sys’ mode installs.
For many systems you should have plenty of available RAM and storage to add the online documentation (mostly in the form of man pages).
man
For many users vi (the default editor for Alpine) is difficult and confusing to use.
vi
Tracking configuration changes in etckeeper is great, but even better is storing in an off-system private repository.
Using rest-server as repository for restic-based backups, on Alpine Linux
rest-server
restic
When using Docker to containerize internal services like Samba, LLMNR, or mDNS a.k.a Bonjour one may find that the standard Docker model of using specific unicast ports forwards, is insufficient.
Setting up an email relay that aliases addresses in various domains to a specific offsite user doesn’t have to mean backscatter. Here is one solution.
The official Ubuntu images that are built for Azure/Hyper-V really are only compatible with Hyper-V on Azure, but there is a solution…
At some point you may need to upsize your PostgreSQL server, particular if you have implemented one on a old Raspberry Pi.
You may realize that you really wish you could start the Nextcloud instance from scratch without the hassle of a reinstall.
Setting up your own local Nextcloud can be useful for a number of reasons.
The Intel NUC (and boards based on the same SoC) are quite powerful for their price point, and use less electricity than even a mini tower.
This article describes setting up a Raspberry Pi Model B+ as a private Gitea (lightweight Git hosting) server.
Raspberry Pi Model B+ as a PostgreSQL server with external storage.
I was tired excessive bot traffic spamming my logs, so I learned how to reduce the noise in my logs.
So far the upshot of this is to not expect a simple Export/Import process with WordPress, especially when it comes to the Media Library, if one wants to rebuild a site at the same domain, rather than a domain move, with the previous domain still active.
Linux LVM thin pools and volumes initially seem to be a great way maximize the use of hard drive space by using only the space that is actually allocated to files. There is a major fly in the ointment though. Thin pools cannot be reduced in size.
Public git self hosting can be desirable. Here we discuss a very lightweight alternative.
You may find yourself in need of a ‘bare metal’ server. If the workload is not too demanding, a Raspberry Pi can be a good choice.
For small deployments the Raspberry Pi is for servers.
A guide to configuring a static web server using Lighttpd on CentOS 7
CentOS 7 has been a stable and reliable choice for VPS servers. This guide shows how to install it on an OVH VPS (Virtual Private Server)
For your self-hosted systems there are likely hosts you don’t want internet-connected, but you still want to be able to do package installs and updates.
Often you don’t need a full mirror of CentOS and/or EPEL, so we give a working example of a partial mirror and custom repository setup.