From 20a724e59b6e35f83a8360abcd4996422877cb02 Mon Sep 17 00:00:00 2001 
From: Dave Gallant Date: Thu, 16 Jun 2022 11:22:17 -0400 Subject: [PATCH] Update wording of backing-up-gmail-with-synology.md --- .../post/backing-up-gmail-with-synology.md | 2 +- public/404.html | 2 +- public/about/index.html | 2 +- public/authors/index.html | 2 +- .../16/appgate-sdp-on-arch-linux/index.html | 135 ++++++----- .../06/what-to-do-with-a-homelab/index.html | 2 +- .../08/why-i-threw-out-my-dotfiles/index.html | 224 +++++++++--------- .../index.html | 2 +- .../index.html | 102 ++++---- .../running-k3s-in-lxc-on-proxmox/index.html | 88 +++---- .../backing-up-gmail-with-synology/index.html | 4 +- .../index.html | 2 +- public/index.html | 2 +- public/page/index.html | 2 +- public/page/page/1/index.html | 11 +- public/page/search/index.html | 2 +- public/page/search/index.json | 2 +- public/post/index.html | 2 +- public/post/page/1/index.html | 11 +- public/tags/adguard/index.html | 2 +- public/tags/adguard/page/1/index.html | 11 +- public/tags/aws-vault/index.html | 2 +- public/tags/aws-vault/page/1/index.html | 11 +- public/tags/aws/index.html | 2 +- public/tags/aws/page/1/index.html | 11 +- public/tags/backup/index.html | 2 +- public/tags/backup/page/1/index.html | 11 +- public/tags/containers/index.html | 2 +- public/tags/containers/page/1/index.html | 11 +- public/tags/degoogle/index.html | 2 +- public/tags/degoogle/page/1/index.html | 11 +- public/tags/docker/index.html | 2 +- public/tags/docker/page/1/index.html | 11 +- public/tags/dotfiles/index.html | 2 +- public/tags/dotfiles/page/1/index.html | 11 +- public/tags/gmail/index.html | 2 +- public/tags/gmail/page/1/index.html | 11 +- public/tags/grafana/index.html | 2 +- public/tags/grafana/page/1/index.html | 11 +- public/tags/home-manager/index.html | 2 +- public/tags/home-manager/page/1/index.html | 11 +- public/tags/homelab/index.html | 2 +- public/tags/homelab/page/1/index.html | 11 +- public/tags/index.html | 2 +- public/tags/jellyfin/index.html | 2 +- public/tags/jellyfin/page/1/index.html | 11 
+- public/tags/k3s/index.html | 2 +- public/tags/k3s/page/1/index.html | 11 +- public/tags/linux/index.html | 2 +- public/tags/linux/page/1/index.html | 11 +- public/tags/lxc/index.html | 2 +- public/tags/lxc/page/1/index.html | 11 +- public/tags/netdata/index.html | 2 +- public/tags/netdata/page/1/index.html | 11 +- public/tags/nix/index.html | 2 +- public/tags/nix/page/1/index.html | 11 +- public/tags/openwrt/index.html | 2 +- public/tags/openwrt/page/1/index.html | 11 +- public/tags/pfsense/index.html | 2 +- public/tags/pfsense/page/1/index.html | 11 +- public/tags/pihole/index.html | 2 +- public/tags/pihole/page/1/index.html | 11 +- public/tags/plex/index.html | 2 +- public/tags/plex/page/1/index.html | 11 +- public/tags/podman/index.html | 2 +- public/tags/podman/page/1/index.html | 11 +- public/tags/proxmox/index.html | 2 +- public/tags/proxmox/page/1/index.html | 11 +- public/tags/python/index.html | 2 +- public/tags/python/page/1/index.html | 11 +- public/tags/ransomware/index.html | 2 +- public/tags/ransomware/page/1/index.html | 11 +- public/tags/router-on-a-stick/index.html | 2 +- .../tags/router-on-a-stick/page/1/index.html | 11 +- public/tags/router/index.html | 2 +- public/tags/router/page/1/index.html | 11 +- public/tags/security/index.html | 2 +- public/tags/security/page/1/index.html | 11 +- public/tags/synology/index.html | 2 +- public/tags/synology/page/1/index.html | 11 +- public/tags/tailscale/index.html | 2 +- public/tags/tailscale/page/1/index.html | 11 +- public/tags/virtualization/index.html | 2 +- public/tags/virtualization/page/1/index.html | 11 +- public/tags/vlan/index.html | 2 +- public/tags/vlan/page/1/index.html | 11 +- public/tags/vpn/index.html | 2 +- public/tags/vpn/page/1/index.html | 11 +- 88 files changed, 683 insertions(+), 360 deletions(-) diff --git a/content/post/backing-up-gmail-with-synology.md b/content/post/backing-up-gmail-with-synology.md index d845925b..1d191d73 100644 
--- a/content/post/backing-up-gmail-with-synology.md +++ b/content/post/backing-up-gmail-with-synology.md @@ -71,4 +71,4 @@ Encrypting your shared volumes should also be done, since unfortunately [DSM doe ## Summary -Having backups of various forms of cloud data is a good investment, especially in these [uncertain times](https://en.wikipedia.org/wiki/2022_Ukraine_cyberattacks). I certainly feel more at ease for having backed up my emails. +Having backups of various forms of cloud data is a good investment, especially in [times of war](https://en.wikipedia.org/wiki/2022_Ukraine_cyberattacks). I certainly feel more at ease for having backed up my emails. diff --git a/public/404.html b/public/404.html index 285dad6d..da6f733b 100644 --- a/public/404.html +++ b/public/404.html @@ -11,7 +11,7 @@ - + This page no longer exists, or maybe it never did? Try https://archive.org? • davegallant diff --git a/public/about/index.html b/public/about/index.html index b34daa47..9c0bab79 100644 --- a/public/about/index.html +++ b/public/about/index.html @@ -11,7 +11,7 @@ - + About • davegallant diff --git a/public/authors/index.html b/public/authors/index.html index 41632e24..d853ac2d 100644 --- a/public/authors/index.html +++ b/public/authors/index.html @@ -11,7 +11,7 @@ - + Authors • davegallant diff --git a/public/blog/2020/03/16/appgate-sdp-on-arch-linux/index.html b/public/blog/2020/03/16/appgate-sdp-on-arch-linux/index.html index d4b83cfc..9388be0b 100644 --- a/public/blog/2020/03/16/appgate-sdp-on-arch-linux/index.html +++ b/public/blog/2020/03/16/appgate-sdp-on-arch-linux/index.html @@ -11,7 +11,7 @@ - + AppGate SDP on Arch Linux • davegallant @@ -312,82 +312,81 @@ As of right now, the latest AUR is 4.2.2-1.

These steps highlight how to get it working with Python3.8 by making a 1 line modification to AppGate source code.

Packaging

We already know the community package is currently out of date, so let’s clone it:

-
git clone https://aur.archlinux.org/appgate-sdp.git
-cd appgate-sdp
-

You’ll likely notice that the version is not what we want, so let’s modify the PKGBUILD to the following:

-
# Maintainer: Pawel Mosakowski <pawel at mosakowski dot net>
-pkgname=appgate-sdp
-conflicts=('appgate-sdp-headless')
-pkgver=4.3.2
-_download_pkgver=4.3
-pkgrel=1
-epoch=
-pkgdesc="Software Defined Perimeter - GUI client"
-arch=('x86_64')
-url="https://www.cyxtera.com/essential-defense/appgate-sdp/support"
-license=('custom')
-# dependecies calculated by namcap
-depends=('gconf' 'libsecret' 'gtk3' 'python' 'nss' 'libxss' 'nodejs' 'dnsmasq')
-source=("https://sdpdownloads.cyxtera.com/AppGate-SDP-${_download_pkgver}/clients/${pkgname}_${pkgver}_amd64.deb"
-        "appgatedriver.service")
-options=(staticlibs)
-prepare() {
-    tar -xf data.tar.xz
-}
-package() {
-    cp -dpr "${srcdir}"/{etc,lib,opt,usr} "${pkgdir}"
-    mv -v "$pkgdir/lib/systemd/system" "$pkgdir/usr/lib/systemd/"
-    rm -vrf "$pkgdir/lib"
-    cp -v "$srcdir/appgatedriver.service" "$pkgdir/usr/lib/systemd/system/appgatedriver.service"
-    mkdir -vp "$pkgdir/usr/share/licenses/appgate-sdp"
-    cp -v "$pkgdir/usr/share/doc/appgate/copyright" "$pkgdir/usr/share/licenses/appgate-sdp"
-    cp -v "$pkgdir/usr/share/doc/appgate/LICENSE.github" "$pkgdir/usr/share/licenses/appgate-sdp"
-    cp -v "$pkgdir/usr/share/doc/appgate/LICENSES.chromium.html.bz2" "$pkgdir/usr/share/licenses/appgate-sdp"
-}
-md5sums=('17101aac7623c06d5fbb95f50cf3dbdc'
-         '002644116e20b2d79fdb36b7677ab4cf')
-
-

Let’s first make sure we have some dependencies. If you do not have yay, check it out.

-
yay -S dnsmasq gconf
-

Now, let’s install it:

-
makepkg -si
-

Running the client

+
git clone https://aur.archlinux.org/appgate-sdp.git
+cd appgate-sdp
+

You’ll likely notice that the version is not what we want, so let’s modify the PKGBUILD to the following:

+
# Maintainer: Pawel Mosakowski <pawel at mosakowski dot net>
+pkgname=appgate-sdp
+conflicts=('appgate-sdp-headless')
+pkgver=4.3.2
+_download_pkgver=4.3
+pkgrel=1
+epoch=
+pkgdesc="Software Defined Perimeter - GUI client"
+arch=('x86_64')
+url="https://www.cyxtera.com/essential-defense/appgate-sdp/support"
+license=('custom')
+# dependecies calculated by namcap
+depends=('gconf' 'libsecret' 'gtk3' 'python' 'nss' 'libxss' 'nodejs' 'dnsmasq')
+source=("https://sdpdownloads.cyxtera.com/AppGate-SDP-${_download_pkgver}/clients/${pkgname}_${pkgver}_amd64.deb"
+        "appgatedriver.service")
+options=(staticlibs)
+prepare() {
+    tar -xf data.tar.xz
+}
+package() {
+    cp -dpr "${srcdir}"/{etc,lib,opt,usr} "${pkgdir}"
+    mv -v "$pkgdir/lib/systemd/system" "$pkgdir/usr/lib/systemd/"
+    rm -vrf "$pkgdir/lib"
+    cp -v "$srcdir/appgatedriver.service" "$pkgdir/usr/lib/systemd/system/appgatedriver.service"
+    mkdir -vp "$pkgdir/usr/share/licenses/appgate-sdp"
+    cp -v "$pkgdir/usr/share/doc/appgate/copyright" "$pkgdir/usr/share/licenses/appgate-sdp"
+    cp -v "$pkgdir/usr/share/doc/appgate/LICENSE.github" "$pkgdir/usr/share/licenses/appgate-sdp"
+    cp -v "$pkgdir/usr/share/doc/appgate/LICENSES.chromium.html.bz2" "$pkgdir/usr/share/licenses/appgate-sdp"
+}
+md5sums=('17101aac7623c06d5fbb95f50cf3dbdc'
+         '002644116e20b2d79fdb36b7677ab4cf')
+

Let’s first make sure we have some dependencies. If you do not have yay, check it out.

+
yay -S dnsmasq gconf
+

Now, let’s install it:

+
makepkg -si
+

Running the client

Ok, let’s run the client by executing appgate.

It complains about not being able to connect.

Easy fix:

-
sudo systemctl start appgatedriver.service
-

Now we should be connected… but DNS is not working?

+
sudo systemctl start appgatedriver.service
+

Now we should be connected… but DNS is not working?

Fixing the DNS

Running resolvectl should display that something is not right.

Why is the DNS not being set by appgate?

-
$ head -3 /opt/appgate/linux/set_dns
-#!/usr/bin/env python3
-'''
-This is used to set and unset the DNS.
-

It seems like python3 is required for the DNS setting to happen. +

$ head -3 /opt/appgate/linux/set_dns
+#!/usr/bin/env python3
+'''
+This is used to set and unset the DNS.
+

It seems like python3 is required for the DNS setting to happen. Let’s try to run it.

-
$ sudo /opt/appgate/linux/set_dns
-/opt/appgate/linux/set_dns:88: SyntaxWarning: "is" with a literal. Did you mean "=="?
-  servers = [( socket.AF_INET if x.version is 4 else socket.AF_INET6, map(int, x.packed)) for x in servers]
-Traceback (most recent call last):
-  File "/opt/appgate/linux/set_dns", line 30, in <module>
-    import dbus
-ModuleNotFoundError: No module named 'dbus'
-

Ok, let’s install it:

-
$ sudo python3.8 -m pip install dbus-python
-

Will it work now? Not yet. There’s another issue:

-
$ sudo /opt/appgate/linux/set_dns
-/opt/appgate/linux/set_dns:88: SyntaxWarning: "is" with a literal. Did you mean "=="?
-  servers = [( socket.AF_INET if x.version is 4 else socket.AF_INET6, map(int, x.packed)) for x in servers]
-module 'platform' has no attribute 'linux_distribution'
-

This is a breaking change in Python3.8.

+
$ sudo /opt/appgate/linux/set_dns
+/opt/appgate/linux/set_dns:88: SyntaxWarning: "is" with a literal. Did you mean "=="?
+  servers = [( socket.AF_INET if x.version is 4 else socket.AF_INET6, map(int, x.packed)) for x in servers]
+Traceback (most recent call last):
+  File "/opt/appgate/linux/set_dns", line 30, in <module>
+    import dbus
+ModuleNotFoundError: No module named 'dbus'
+

Ok, let’s install it:

+
$ sudo python3.8 -m pip install dbus-python
+

Will it work now? Not yet. There’s another issue:

+
$ sudo /opt/appgate/linux/set_dns
+/opt/appgate/linux/set_dns:88: SyntaxWarning: "is" with a literal. Did you mean "=="?
+  servers = [( socket.AF_INET if x.version is 4 else socket.AF_INET6, map(int, x.packed)) for x in servers]
+module 'platform' has no attribute 'linux_distribution'
+

This is a breaking change in Python3.8.

So what is calling platform.linux_distribution?

Let’s search for it:

-
$ sudo grep -r 'linux_distribution' /opt/appgate/linux/
-/opt/appgate/linux/nm.py:    if platform.linux_distribution()[0] != 'Fedora':
-

Aha! So this is in the local AppGate source code. This should be an easy fix. Let’s just replace this line with:

-
if True: # Since we are not using Fedora :)
-

Wrapping up

+
$ sudo grep -r 'linux_distribution' /opt/appgate/linux/
+/opt/appgate/linux/nm.py:    if platform.linux_distribution()[0] != 'Fedora':
+

Aha! So this is in the local AppGate source code. This should be an easy fix. Let’s just replace this line with:

+
if True: # Since we are not using Fedora :)
+

Wrapping up

It turns out there are breaking changes in Python3.8.

The docs say Deprecated since version 3.5, will be removed in version 3.8: See alternative like the distro package.

I suppose this highlights one of the caveats of relying upon the system’s python, rather than having an isolated, dedicated environment for all dependencies.
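Review bot: Nothing in this hunk belongs to the wording change named in the subject: every removed block (the git clone commands, the PKGBUILD, the set_dns output) comes back with the same text, and the only visible difference is one blank line fewer after the md5sums block, which accounts for 82 lines becoming 81. The diffstat shows the same pattern across the 88 files changed, nearly all under public/, so the one-line edit to content/post/backing-up-gmail-with-synology.md is hard to find. Consider committing regenerated output separately from the source edit, or building public/ at deploy time instead of tracking it. While this page is being regenerated anyway, the PKGBUILD it shows verifies the downloaded .deb with md5sums; sha256sums would be the stronger check to present.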

diff --git a/public/blog/2021/09/06/what-to-do-with-a-homelab/index.html b/public/blog/2021/09/06/what-to-do-with-a-homelab/index.html index af9673b3..52137f02 100644 --- a/public/blog/2021/09/06/what-to-do-with-a-homelab/index.html +++ b/public/blog/2021/09/06/what-to-do-with-a-homelab/index.html @@ -11,7 +11,7 @@ - + What To Do With A Homelab • davegallant diff --git a/public/blog/2021/09/08/why-i-threw-out-my-dotfiles/index.html b/public/blog/2021/09/08/why-i-threw-out-my-dotfiles/index.html index 4ab98eee..f2bd1cbf 100644 --- a/public/blog/2021/09/08/why-i-threw-out-my-dotfiles/index.html +++ b/public/blog/2021/09/08/why-i-threw-out-my-dotfiles/index.html @@ -11,7 +11,7 @@ - + Why I Threw Out My Dotfiles • davegallant @@ -310,9 +310,9 @@ if (!doNotTrack) {

What is home-manager?

Before understanding home-manager, it is worth briefly discussing what nix is. nix is a package manager that originally spawned from a PhD thesis. Unlike other package managers, it uses symbolic links to keep track of the currently installed packages, keeping around the old ones in case you may want to rollback.

For example, I have used nix to install the package bind which includes dig. You can see that it is available on multiple platforms. The absolute path of dig can be found by running:

-
$ ls -lh $(which dig)
-lrwxr-xr-x 73 root 31 Dec  1969 /run/current-system/sw/bin/dig -> /nix/store/0r4qdyprljd3dki57jn6c6a8dh2rbg9g-bind-9.16.16-dnsutils/bin/dig
-

Notice that there is a hash included in the file path? This is a nix store path and is computed by the nix package manager. This nix pill does a good job explaining how this hash is computed. All of the nix pills are worth a read, if you are interested in learning more about nix itself. However, using home-manager does not require extensive knowledge of nix.

+
$ ls -lh $(which dig)
+lrwxr-xr-x 73 root 31 Dec  1969 /run/current-system/sw/bin/dig -> /nix/store/0r4qdyprljd3dki57jn6c6a8dh2rbg9g-bind-9.16.16-dnsutils/bin/dig
+

Notice that there is a hash included in the file path? This is a nix store path and is computed by the nix package manager. This nix pill does a good job explaining how this hash is computed. All of the nix pills are worth a read, if you are interested in learning more about nix itself. However, using home-manager does not require extensive knowledge of nix.

Part of the nix ecosystem includes nixpkgs. Many popular tools can be found already packaged in this repository. As you can see with these stats, there is a large number of existing packages that are being maintained by the community. Contributing a new package is easy, and anyone can do it!

home-manager leverages the nix package manager (and nixpkgs), as well the nix language so that you can declaratively define your system configuration. I store my nix-config in git so that I can keep track of my packages and configurations, and retain a clean and informative git commit history so that I can understand what changed and why.

Setting up home-manager

@@ -320,117 +320,117 @@ if (!doNotTrack) {

⚠️ If you run this on your main machine, make sure you backup your configuration files first. home-manager is pretty good about not overwriting existing configuration, but it is better to have a backup! Alternatively, you could test this out on a VM or cloud instance.

The first thing you should do is install nix:

-
curl -L https://nixos.org/nix/install | sh
-

It’s generally not a good idea to curl and execute files from the internet (without verifying integrity), so you might want to download the install script first and take a look before executing it!

+
curl -L https://nixos.org/nix/install | sh
+

It’s generally not a good idea to curl and execute files from the internet (without verifying integrity), so you might want to download the install script first and take a look before executing it!

Open up a new shell in your terminal and running nix should work. If not, run . ~/.nix-profile/etc/profile.d/nix.sh

Now, install home-manager:

-
nix-channel --add https://github.com/nix-community/home-manager/archive/master.tar.gz home-manager
-nix-channel --update
-nix-shell '<home-manager>' -A install
-

You should see a wave of /nix/store/* paths being displayed on your screen.

+
nix-channel --add https://github.com/nix-community/home-manager/archive/master.tar.gz home-manager
+nix-channel --update
+nix-shell '<home-manager>' -A install
+

You should see a wave of /nix/store/* paths being displayed on your screen.

Now, to start off with a basic configuration, open up ~/.config/nixpkgs/home.nix in the editor of your choice and paste this in (you will want to change userName and homeDirectory):

-
{ config, pkgs, ... }:
-
-{
-  programs.home-manager.enable = true;
-
-  home = {
-    username = "dave";
-    homeDirectory = "/home/dave";
-    stateVersion = "21.11";
-    packages = with pkgs; [
-      bind
-      exa
-      fd
-      ripgrep
-    ];
-  };
-
-  programs = {
-
-    git = {
-      enable = true;
-      aliases = {
-        aa = "add -A .";
-        br = "branch";
-        c = "commit -S";
-        ca = "commit -S --amend";
-        cb = "checkout -b";
-        co = "checkout";
-        d = "diff";
-        l =
-          "log --graph --pretty=format:'%Cred%h%Creset -%C(yellow)%d%Creset %s %Cgreen(%cr) %C(bold blue)<%an>%Creset' --abbrev-commit";
-      };
-
-      delta = {
-        enable = true;
-
-        options = {
-          features = "line-numbers decorations";
-          whitespace-error-style = "22 reverse";
-          plus-style = "green bold ul '#198214'";
-          decorations = {
-            commit-decoration-style = "bold yellow box ul";
-            file-style = "bold yellow ul";
-            file-decoration-style = "none";
-          };
-        };
-      };
-
-      extraConfig = {
-        push = { default = "current"; };
-        pull = { rebase = true; };
-      };
-
-    };
-
-    starship = {
-      enable = true;
-      enableZshIntegration = true;
-
-      settings = {
-        add_newline = false;
-        scan_timeout = 10;
-      };
-    };
-
-    zsh = {
-      enable = true;
-      enableAutosuggestions = true;
-      enableSyntaxHighlighting = true;
-      history.size = 1000000;
-
-      localVariables = {
-        CASE_SENSITIVE = "true";
-        DISABLE_UNTRACKED_FILES_DIRTY = "true";
-        RPROMPT = ""; # override because macOS defaults to filepath
-        ZSH_AUTOSUGGEST_HIGHLIGHT_STYLE = "fg=#838383,underline";
-        ZSH_DISABLE_COMPFIX = "true";
-      };
-
-      initExtra = ''
-        export PAGER=less
-      '';
-
-      shellAliases = {
-        ".." = "cd ..";
-        grep = "rg --smart-case";
-        ls = "exa -la --git";
-      };
-
-      "oh-my-zsh" = {
-        enable = true;
-        plugins = [
-          "gitfast"
-          "last-working-dir"
-        ];
-      };
-
-    };
-
-  };
-}
-

Save the file and run:

+
{ config, pkgs, ... }:
+
+{
+  programs.home-manager.enable = true;
+
+  home = {
+    username = "dave";
+    homeDirectory = "/home/dave";
+    stateVersion = "21.11";
+    packages = with pkgs; [
+      bind
+      exa
+      fd
+      ripgrep
+    ];
+  };
+
+  programs = {
+
+    git = {
+      enable = true;
+      aliases = {
+        aa = "add -A .";
+        br = "branch";
+        c = "commit -S";
+        ca = "commit -S --amend";
+        cb = "checkout -b";
+        co = "checkout";
+        d = "diff";
+        l =
+          "log --graph --pretty=format:'%Cred%h%Creset -%C(yellow)%d%Creset %s %Cgreen(%cr) %C(bold blue)<%an>%Creset' --abbrev-commit";
+      };
+
+      delta = {
+        enable = true;
+
+        options = {
+          features = "line-numbers decorations";
+          whitespace-error-style = "22 reverse";
+          plus-style = "green bold ul '#198214'";
+          decorations = {
+            commit-decoration-style = "bold yellow box ul";
+            file-style = "bold yellow ul";
+            file-decoration-style = "none";
+          };
+        };
+      };
+
+      extraConfig = {
+        push = { default = "current"; };
+        pull = { rebase = true; };
+      };
+
+    };
+
+    starship = {
+      enable = true;
+      enableZshIntegration = true;
+
+      settings = {
+        add_newline = false;
+        scan_timeout = 10;
+      };
+    };
+
+    zsh = {
+      enable = true;
+      enableAutosuggestions = true;
+      enableSyntaxHighlighting = true;
+      history.size = 1000000;
+
+      localVariables = {
+        CASE_SENSITIVE = "true";
+        DISABLE_UNTRACKED_FILES_DIRTY = "true";
+        RPROMPT = ""; # override because macOS defaults to filepath
+        ZSH_AUTOSUGGEST_HIGHLIGHT_STYLE = "fg=#838383,underline";
+        ZSH_DISABLE_COMPFIX = "true";
+      };
+
+      initExtra = ''
+        export PAGER=less
+      '';
+
+      shellAliases = {
+        ".." = "cd ..";
+        grep = "rg --smart-case";
+        ls = "exa -la --git";
+      };
+
+      "oh-my-zsh" = {
+        enable = true;
+        plugins = [
+          "gitfast"
+          "last-working-dir"
+        ];
+      };
+
+    };
+
+  };
+}
+

Save the file and run:

home-manager switch
 

You should see another wave of /nix/store/* paths. The new configuration should now be active.

If you run zsh, you should see that you have starship and access to several other utils such as rg, fd, and exa.
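Review bot: The re-added install block near the top of this hunk still presents `curl -L https://nixos.org/nix/install | sh` as the command to run, with the advice to download and read the script appearing only in the paragraph after it. Since the page is being regenerated, consider making the two-step form (save the script, inspect it, then run it) the primary command in the source post. The same applies to the `nix-channel --add` line, which follows the master.tar.gz archive while home.nix sets `stateVersion = "21.11"`; a channel pinned to the matching release would keep the two in step.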

diff --git a/public/blog/2021/09/17/automatically-rotating-aws-access-keys/index.html b/public/blog/2021/09/17/automatically-rotating-aws-access-keys/index.html index 362ea725..e38f08b8 100644 --- a/public/blog/2021/09/17/automatically-rotating-aws-access-keys/index.html +++ b/public/blog/2021/09/17/automatically-rotating-aws-access-keys/index.html @@ -11,7 +11,7 @@ - + Automatically Rotating AWS Access Keys • davegallant diff --git a/public/blog/2021/10/11/replacing-docker-with-podman-on-macos-and-linux/index.html b/public/blog/2021/10/11/replacing-docker-with-podman-on-macos-and-linux/index.html index e4e4a093..f9530acc 100644 --- a/public/blog/2021/10/11/replacing-docker-with-podman-on-macos-and-linux/index.html +++ b/public/blog/2021/10/11/replacing-docker-with-podman-on-macos-and-linux/index.html @@ -11,7 +11,7 @@ - + Replacing docker with podman on macOS (and Linux) • davegallant @@ -321,65 +321,65 @@ if (!doNotTrack) {

I’ve also observed that so far my 2019 16" Macbook Pro hasn’t sounded like a jet engine, although I haven’t performed any disk-intensive operations yet.

Installing Podman

Running Podman on macOS is more involved than on Linux, because the podman-machine must run Linux inside of a virtual machine. Fortunately, the installation is made simple with brew (read this if you’re installing Podman on Linux):

-
brew install podman
-

The podman-machine must be started:

-
# This is not necessary on Linux
-podman machine init
-podman machine start
-

Running a container

+
brew install podman
+

The podman-machine must be started:

+
# This is not necessary on Linux
+podman machine init
+podman machine start
+

Running a container

Let’s try to pull an image:

-
$ podman pull alpine
-Trying to pull docker.io/library/alpine:latest...
-Getting image source signatures
-Copying blob sha256:a0d0a0d46f8b52473982a3c466318f479767577551a53ffc9074c9fa7035982e
-Copying config sha256:14119a10abf4669e8cdbdff324a9f9605d99697215a0d21c360fe8dfa8471bab
-Writing manifest to image destination
-Storing signatures
-14119a10abf4669e8cdbdff324a9f9605d99697215a0d21c360fe8dfa8471bab
-
+
$ podman pull alpine
+Trying to pull docker.io/library/alpine:latest...
+Getting image source signatures
+Copying blob sha256:a0d0a0d46f8b52473982a3c466318f479767577551a53ffc9074c9fa7035982e
+Copying config sha256:14119a10abf4669e8cdbdff324a9f9605d99697215a0d21c360fe8dfa8471bab
+Writing manifest to image destination
+Storing signatures
+14119a10abf4669e8cdbdff324a9f9605d99697215a0d21c360fe8dfa8471bab
+

If you’re having an issue pulling images, you may need to remove ~/.docker/config.json or remove the set of auths in the configuration as mentioned here.

and then run and exec into the container:

-
$ podman run --rm -ti alpine
-Error: error preparing container 99ace1ef8a78118e178372d91fd182e8166c399fbebe0f676af59fbf32ce205b for attach: error configuring network namespace for container 99ace1ef8a78118e178372d91fd182e8166c399fbebe0f676af59fbf32ce205b: error adding pod unruffled_bohr_unruffled_bohr to CNI network "podman": unexpected end of JSON input
-

What does this error mean? A bit of searching lead to this github issue.

+
$ podman run --rm -ti alpine
+Error: error preparing container 99ace1ef8a78118e178372d91fd182e8166c399fbebe0f676af59fbf32ce205b for attach: error configuring network namespace for container 99ace1ef8a78118e178372d91fd182e8166c399fbebe0f676af59fbf32ce205b: error adding pod unruffled_bohr_unruffled_bohr to CNI network "podman": unexpected end of JSON input
+

What does this error mean? A bit of searching lead to this github issue.

Until the fix is released, a workaround is to just specify a port (even when it’s not needed):

-
podman run -p 4242 --rm -ti alpine
-

If you’re reading this from the future, there is a good chance specifying a port won’t be needed.

+
podman run -p 4242 --rm -ti alpine
+

If you’re reading this from the future, there is a good chance specifying a port won’t be needed.

Another example of running a container with Podman can be found in the Jellyfin Documentation.

Aliasing docker with podman

Force of habit (or other scripts) may have you calling docker. To work around this:

-
alias docker=podman
-

podman-compose

+
alias docker=podman
+

podman-compose

You may be wondering: what about docker-compose? Well, there claims to be a drop-in replacement for it: podman-compose.

-
pip3 install --user podman-compose
-

Now let’s create a docker-compose.yml file to test:

-
cat << EOF >> docker-compose.yml
-version: '2'
-services:
-  hello_world:
-    image: ubuntu
-    command: [/bin/echo, 'Hello world']
-EOF
-

Now run:

-
$ podman-compose up
-podman pod create --name=davegallant.github.io --share net
-40d61dc6e95216c07d2b21cea6dcb30205bfcaf1260501fe652f05bddf7e595e
-0
-podman create --name=davegallant.github.io_hello_world_1 --pod=davegallant.github.io -l io.podman.compose.config-hash=123 -l io.podman.compose.project=davegallant.github.io -l io.podman.compose.version=0.0.1 -l com.docker.compose.container-number=1 -l com.docker.compose.service=hello_world --add-host hello_world:127.0.0.1 --add-host davegallant.github.io_hello_world_1:127.0.0.1 ubuntu /bin/echo Hello world
-Resolved "ubuntu" as an alias (/etc/containers/registries.conf.d/000-shortnames.conf)
-Trying to pull docker.io/library/ubuntu:latest...
-Getting image source signatures
-Copying blob sha256:f3ef4ff62e0da0ef761ec1c8a578f3035bef51043e53ae1b13a20b3e03726d17
-Copying blob sha256:f3ef4ff62e0da0ef761ec1c8a578f3035bef51043e53ae1b13a20b3e03726d17
-Copying config sha256:597ce1600cf4ac5f449b66e75e840657bb53864434d6bd82f00b172544c32ee2
-Writing manifest to image destination
-Storing signatures
-1a68b2fed3fdf2037b7aef16d770f22929eec1d799219ce30541df7876918576
-0
-podman start -a davegallant.github.io_hello_world_1
-Hello world
-

This should more or less provide the same results you would come to expect with docker. The README does clearly state that podman-compose is under development.

+
pip3 install --user podman-compose
+

Now let’s create a docker-compose.yml file to test:

+
cat << EOF >> docker-compose.yml
+version: '2'
+services:
+  hello_world:
+    image: ubuntu
+    command: [/bin/echo, 'Hello world']
+EOF
+

Now run:

+
$ podman-compose up
+podman pod create --name=davegallant.github.io --share net
+40d61dc6e95216c07d2b21cea6dcb30205bfcaf1260501fe652f05bddf7e595e
+0
+podman create --name=davegallant.github.io_hello_world_1 --pod=davegallant.github.io -l io.podman.compose.config-hash=123 -l io.podman.compose.project=davegallant.github.io -l io.podman.compose.version=0.0.1 -l com.docker.compose.container-number=1 -l com.docker.compose.service=hello_world --add-host hello_world:127.0.0.1 --add-host davegallant.github.io_hello_world_1:127.0.0.1 ubuntu /bin/echo Hello world
+Resolved "ubuntu" as an alias (/etc/containers/registries.conf.d/000-shortnames.conf)
+Trying to pull docker.io/library/ubuntu:latest...
+Getting image source signatures
+Copying blob sha256:f3ef4ff62e0da0ef761ec1c8a578f3035bef51043e53ae1b13a20b3e03726d17
+Copying blob sha256:f3ef4ff62e0da0ef761ec1c8a578f3035bef51043e53ae1b13a20b3e03726d17
+Copying config sha256:597ce1600cf4ac5f449b66e75e840657bb53864434d6bd82f00b172544c32ee2
+Writing manifest to image destination
+Storing signatures
+1a68b2fed3fdf2037b7aef16d770f22929eec1d799219ce30541df7876918576
+0
+podman start -a davegallant.github.io_hello_world_1
+Hello world
+

This should more or less provide the same results you would come to expect with docker. The README does clearly state that podman-compose is under development.

Summary

Installing Podman on macOS was not seamless, but it was manageable well within 30 minutes. I would recommend giving Podman a try to anyone who is unhappy with experiencing forced docker updates, or who is interested in using a more modern technology for running containers.

One caveat to mention is that there isn’t an official graphical user interface for Podman, but there is an open issue considering one. If you rely heavily on Docker Desktop’s UI, you may not be as interested in using podman yet.
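Review bot: In the docker-compose.yml block, `cat << EOF >> docker-compose.yml` appends, so a reader who runs it twice, or in a directory that already has a compose file, ends up with duplicated keys in the YAML; `>` would make the step repeatable. The heredoc delimiter is also unquoted, which is harmless for this content but expands any `$` added later; `<< 'EOF'` avoids that. Separately, the context line "A bit of searching lead to this github issue" should read "led".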

diff --git a/public/blog/2021/11/14/running-k3s-in-lxc-on-proxmox/index.html b/public/blog/2021/11/14/running-k3s-in-lxc-on-proxmox/index.html index 53575be7..6b6f98cd 100644 --- a/public/blog/2021/11/14/running-k3s-in-lxc-on-proxmox/index.html +++ b/public/blog/2021/11/14/running-k3s-in-lxc-on-proxmox/index.html @@ -11,7 +11,7 @@ - + Running K3s in LXC on Proxmox • davegallant @@ -318,11 +318,11 @@ swapoff -a

It might be worth experimenting with swap enabled in the future to see how that might affect performance.

Enable IP Forwarding

To avoid IP Forwarding issues with Traefik, run the following on the host:

-
sudo sysctl net.ipv4.ip_forward=1
-sudo sysctl net.ipv6.conf.all.forwarding=1
-sudo sed -i 's/#net.ipv4.ip_forward=1/net.ipv4.ip_forward=1/g' /etc/sysctl.conf
-sudo sed -i 's/#net.ipv6.conf.all.forwarding=1/net.ipv6.conf.all.forwarding=1/g' /etc/sysctl.conf
-

Create LXC container

+
sudo sysctl net.ipv4.ip_forward=1
+sudo sysctl net.ipv6.conf.all.forwarding=1
+sudo sed -i 's/#net.ipv4.ip_forward=1/net.ipv4.ip_forward=1/g' /etc/sysctl.conf
+sudo sed -i 's/#net.ipv6.conf.all.forwarding=1/net.ipv6.conf.all.forwarding=1/g' /etc/sysctl.conf
+

Create LXC container

Create an LXC container in the Proxmox interface as you normally would. Remember to: