Why Ansible?
As part of an effort of standardising my home lab I decided to migrate my ad-hoc configuration scripts into a more standard tool set. So I looked at: puppet chef ...
Posts published by: alex
OpenTofu
Introduction Origins Why use OpenTofu Using OpenTofu ...
Inetd like service with systemd
This is an example of a socket-activated per-connection service (which is usually referred to as inetd-like service). A thorough explanation can be found at 0pointer.de. Define a socket unit The key point here is to specify Accept=yes, which will make the socket accept connections (behaving like inetd) and pass ...
Locking down SFTP
This is a small recipe to increase the security around a SFTP interface. In the /etc/ssh/sshd_config file include the following settings: Subsystem sftp internal-sftp This configures the sftp subsystem to use the internal sftp implementation. This is because inside the chroot, we usually will not have the normal ...
Python GUI
After looking a multiple options of GUI programming under python I eventually settled for tkinter. The main reason was that tkinter is very ubiquitous and initially though the learning curve wuld have shorter as I was very used to GUI programming using TCL/TK. Turned out that what I known TCL/TK did not translate ...
cisco bridging
This article is here as a reminder. So, for testing, I needed to configure a Cisco CSR1000V virtual router as a bridge. So I used a version 16 Cisco IOS XE image. To make my life easier I used the "wizard" that runs the first time to automatically configure bridgning. Ironically, this created an invalid ...
Tunneling NFS over SSH
This recipe is for tunneling NFS traffic over SSH. This adds encryption and Public Key authentication to otherwise insecure NFS traffic. For this recipe to work, requires NFSv4. Earlier versions were not tested, but I expect not all the functionality to work. server configuration ...
Optimizing shell scripts
Introduction Input Data Desired Output Approach Original Script ...
Happy New Year 2024
Best wishes for 2024! ...
IPv6 on 2023
This is a sequel to my article IPv6 blues. Layout Enabling forwarding Configure networking ...
File system encryption in Alpine Linux
This is similar to my previous article Encrypting Filesystem in Void Linux but for Alpine Linux The point of this recipe is to create a encrypted file sytem so that when the disc is disposed, it does not need to be securely erased. This is particularly important for SSD devices ...
Linux HDMI hotplug
Now in 2024 this is usually no longer needed. A more current solution is: https://github.com/phillipberndt/autorandr The point of this article is to document I workaround that I came ...
Getting the current proxy pac configuration
This is done using tcl for convenience. If you do not have it installed you can download freewrap executable and rename freewrap.exe to wish.exe or freewrapTCLSH.exe to tclsh.exe. Registry Key : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ REG_SZ AutoConfigURL = https://<your url>/proxy.pac ...
Definiton of maturity
Maturity is: The ability to stick with a job until it’s finished. The ability to do a job without being supervised. The ability to carry money without spending it. And the ability to bear an injustice without wanting to get even. ...
Co-existing GLIBC binaries with Void-Linux MUSL edition
I am running void-linux at home with musl as the standard C library. While most things work well, there is a number of programs that do not and must be using glibc counterparts. To enable this I followed this guide here: Live switching Void Linux from glibc to musl. To set-up: ...
Calculate system availability
To calculate the availability of redundant systems you can use this formula: total_avail = 1-(1 - single_avail) ^ (number_of_nodes) Nodes: ...
Encrypting FileSystem in Void Linux
The point of this recipe is to create a encrypted file sytem so that when the disc is disposed, it does not need to be securely erased. This is particularly important for SSD devices since because of block remapping (for wear levelling) data can't be overwritten consistently. The idea is that the boot/root filesystem containing the encryption ...
Third Party SimpleNote clients
An inventory of simplenote clients: SimpleNote clients: sncli nvpy notestack ...
10 tips for making documentation crystal clear
So you've some written excellent documentation. Now what? Now it's time to go back and edit it. When you first sit down to write your documentation, you want to focus on what you're trying to say instead of how you're saying it, but once that first draft is done it's time to go back and polish it up a little. One of my favorite ways to edit is to read what I've written aloud. ...
Writing Safe Shell scripts
Writing shell scripts leaves a lot of room to make mistakes, in ways that will cause your scripts to break on certain input, or (if some input is untrusted) open up security vulnerabilities. Here are some tips on how to make your shell scripts safer. Don't The simplest step is to avoid using shell at all. Many higher-level languages are both easier to write the code in in the first place, and avoid some of the issues that shell ...