Ansible Best Practices
This is a conversion from a presentation/pdf by Tim Appnel. I attached a copy here too. Roles and Modules ...
Posts published by: alex
hoses: enhanced socks5 tools
Introduction Features Where to find Examples ...
OpenSSH Certificate Authority
Intro Creating CA Configuring Hosts Singing user public keys Using certificates ...
Why Ansible?
As part of an effort of standardising my home lab I decided to migrate my ad-hoc configuration scripts into a more standard tool set. So I looked at: puppet chef ...
OpenTofu
Introduction Origins Why use OpenTofu Using OpenTofu ...
Inetd like service with systemd
This is an example of a socket-activated per-connection service (which is usually referred to as inetd-like service). A thorough explanation can be found at 0pointer.de. Define a socket unit The key point here is to specify Accept=yes, which will make the socket accept connections (behaving like inetd) and pass ...
Locking down SFTP
This is a small recipe to increase the security around a SFTP interface. In the /etc/ssh/sshd_config file include the following settings: Subsystem sftp internal-sftp This configures the sftp subsystem to use the internal sftp implementation. This is because inside the chroot, we usually will not have the normal ...
Python GUI
After looking a multiple options of GUI programming under python I eventually settled for tkinter. The main reason was that tkinter is very ubiquitous and initially though the learning curve wuld have shorter as I was very used to GUI programming using TCL/TK. Turned out that what I known TCL/TK did not translate ...
cisco bridging
This article is here as a reminder. So, for testing, I needed to configure a Cisco CSR1000V virtual router as a bridge. So I used a version 16 Cisco IOS XE image. To make my life easier I used the "wizard" that runs the first time to automatically configure bridgning. Ironically, this created an invalid ...
Tunneling NFS over SSH
This recipe is for tunneling NFS traffic over SSH. This adds encryption and Public Key authentication to otherwise insecure NFS traffic. For this recipe to work, requires NFSv4. Earlier versions were not tested, but I expect not all the functionality to work. server configuration ...
Optimizing shell scripts
Introduction Input Data Desired Output Approach Original Script ...
Happy New Year 2024
Best wishes for 2024! ...
IPv6 on 2023
This is a sequel to my article IPv6 blues. Layout Enabling forwarding Configure networking ...
File system encryption in Alpine Linux
This is similar to my previous article Encrypting Filesystem in Void Linux but for Alpine Linux The point of this recipe is to create a encrypted file sytem so that when the disc is disposed, it does not need to be securely erased. This is particularly important for SSD devices ...
Linux HDMI hotplug
Now in 2024 this is usually no longer needed. A more current solution is: https://github.com/phillipberndt/autorandr The point of this article is to document I workaround that I came ...
Getting the current proxy pac configuration
This is done using tcl for convenience. If you do not have it installed you can download freewrap executable and rename freewrap.exe to wish.exe or freewrapTCLSH.exe to tclsh.exe. Registry Key : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ REG_SZ AutoConfigURL = https://<your url>/proxy.pac ...
Definiton of maturity
Maturity is: The ability to stick with a job until it’s finished. The ability to do a job without being supervised. The ability to carry money without spending it. And the ability to bear an injustice without wanting to get even. ...
Co-existing GLIBC binaries with Void-Linux MUSL edition
I am running void-linux at home with musl as the standard C library. While most things work well, there is a number of programs that do not and must be using glibc counterparts. To enable this I followed this guide here: Live switching Void Linux from glibc to musl. To set-up: ...
Calculate system availability
To calculate the availability of redundant systems you can use this formula: total_avail = 1-(1 - single_avail) ^ (number_of_nodes) Nodes: ...
Encrypting FileSystem in Void Linux
The point of this recipe is to create a encrypted file sytem so that when the disc is disposed, it does not need to be securely erased. This is particularly important for SSD devices since because of block remapping (for wear levelling) data can't be overwritten consistently. The idea is that the boot/root filesystem containing the encryption ...