Update wording of backing-up-gmail-with-synology.md

Dave Gallant
2022-06-16 11:22:17 -04:00
parent fe95266351
commit 20a724e59b
88 changed files with 683 additions and 360 deletions

@@ -11,7 +11,7 @@
<meta property='og:site_name' content='davegallant'>
<meta property='og:type' content='article'><meta property='article:section' content='post'><meta property='article:tag' content='linux'><meta property='article:tag' content='vpn'><meta property='article:tag' content='python'><meta property='article:published_time' content='2020-03-16T22:00:15-04:00'/><meta property='article:modified_time' content='2020-03-16T22:00:15-04:00'/><meta name='twitter:card' content='summary'>
<meta name="generator" content="Hugo 0.92.2" />
<meta name="generator" content="Hugo 0.99.1" />
<title>AppGate SDP on Arch Linux • davegallant</title>
<link rel='canonical' href='/blog/2020/03/16/appgate-sdp-on-arch-linux/'>
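Review bot: The commit message describes a wording update to backing-up-gmail-with-synology.md, but the only change in this hunk is the generator meta tag moving from Hugo 0.92.2 to 0.99.1 on the unrelated AppGate page, and the header reports 88 changed files. Split the Hugo upgrade and the resulting site regeneration into its own commit so the wording change can be reviewed on its own. Separately, the tag publishes the exact Hugo version on every page; if that is not wanted, drop the generator line from the theme's head template instead of carrying it through each rebuild.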
@@ -312,82 +312,81 @@ As of right now, the latest AUR is <code>4.2.2-1</code>.</p>
<p>These steps highlight how to get it working with <code>Python3.8</code> by making a 1 line modification to AppGate source code.</p>
<h1 id="packaging">Packaging</h1>
<p>We already know the community package is currently out of date, so let&rsquo;s clone it:</p>
<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-shell" data-lang="shell">git clone https://aur.archlinux.org/appgate-sdp.git
<span style="color:#366">cd</span> appgate-sdp
</code></pre></div><p>You&rsquo;ll likely notice that the version is not what we want, so let&rsquo;s modify the <code>PKGBUILD</code> to the following:</p>
<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-shell" data-lang="shell"><span style="color:#09f;font-style:italic"># Maintainer: Pawel Mosakowski &lt;pawel at mosakowski dot net&gt;</span>
<span style="color:#033">pkgname</span><span style="color:#555">=</span>appgate-sdp
<span style="color:#033">conflicts</span><span style="color:#555">=(</span><span style="color:#c30">&#39;appgate-sdp-headless&#39;</span><span style="color:#555">)</span>
<span style="color:#033">pkgver</span><span style="color:#555">=</span>4.3.2
<span style="color:#033">_download_pkgver</span><span style="color:#555">=</span>4.3
<span style="color:#033">pkgrel</span><span style="color:#555">=</span><span style="color:#f60">1</span>
<span style="color:#033">epoch</span><span style="color:#555">=</span>
<span style="color:#033">pkgdesc</span><span style="color:#555">=</span><span style="color:#c30">&#34;Software Defined Perimeter - GUI client&#34;</span>
<span style="color:#033">arch</span><span style="color:#555">=(</span><span style="color:#c30">&#39;x86_64&#39;</span><span style="color:#555">)</span>
<span style="color:#033">url</span><span style="color:#555">=</span><span style="color:#c30">&#34;https://www.cyxtera.com/essential-defense/appgate-sdp/support&#34;</span>
<span style="color:#033">license</span><span style="color:#555">=(</span><span style="color:#c30">&#39;custom&#39;</span><span style="color:#555">)</span>
<span style="color:#09f;font-style:italic"># dependecies calculated by namcap</span>
<span style="color:#033">depends</span><span style="color:#555">=(</span><span style="color:#c30">&#39;gconf&#39;</span> <span style="color:#c30">&#39;libsecret&#39;</span> <span style="color:#c30">&#39;gtk3&#39;</span> <span style="color:#c30">&#39;python&#39;</span> <span style="color:#c30">&#39;nss&#39;</span> <span style="color:#c30">&#39;libxss&#39;</span> <span style="color:#c30">&#39;nodejs&#39;</span> <span style="color:#c30">&#39;dnsmasq&#39;</span><span style="color:#555">)</span>
<span style="color:#033">source</span><span style="color:#555">=(</span><span style="color:#c30">&#34;https://sdpdownloads.cyxtera.com/AppGate-SDP-</span><span style="color:#a00">${</span><span style="color:#033">_download_pkgver</span><span style="color:#a00">}</span><span style="color:#c30">/clients/</span><span style="color:#a00">${</span><span style="color:#033">pkgname</span><span style="color:#a00">}</span><span style="color:#c30">_</span><span style="color:#a00">${</span><span style="color:#033">pkgver</span><span style="color:#a00">}</span><span style="color:#c30">_amd64.deb&#34;</span>
<span style="color:#c30">&#34;appgatedriver.service&#34;</span><span style="color:#555">)</span>
<span style="color:#033">options</span><span style="color:#555">=(</span>staticlibs<span style="color:#555">)</span>
prepare<span style="color:#555">()</span> <span style="color:#555">{</span>
tar -xf data.tar.xz
<span style="color:#555">}</span>
package<span style="color:#555">()</span> <span style="color:#555">{</span>
cp -dpr <span style="color:#c30">&#34;</span><span style="color:#a00">${</span><span style="color:#033">srcdir</span><span style="color:#a00">}</span><span style="color:#c30">&#34;</span>/<span style="color:#555">{</span>etc,lib,opt,usr<span style="color:#555">}</span> <span style="color:#c30">&#34;</span><span style="color:#a00">${</span><span style="color:#033">pkgdir</span><span style="color:#a00">}</span><span style="color:#c30">&#34;</span>
mv -v <span style="color:#c30">&#34;</span><span style="color:#033">$pkgdir</span><span style="color:#c30">/lib/systemd/system&#34;</span> <span style="color:#c30">&#34;</span><span style="color:#033">$pkgdir</span><span style="color:#c30">/usr/lib/systemd/&#34;</span>
rm -vrf <span style="color:#c30">&#34;</span><span style="color:#033">$pkgdir</span><span style="color:#c30">/lib&#34;</span>
cp -v <span style="color:#c30">&#34;</span><span style="color:#033">$srcdir</span><span style="color:#c30">/appgatedriver.service&#34;</span> <span style="color:#c30">&#34;</span><span style="color:#033">$pkgdir</span><span style="color:#c30">/usr/lib/systemd/system/appgatedriver.service&#34;</span>
mkdir -vp <span style="color:#c30">&#34;</span><span style="color:#033">$pkgdir</span><span style="color:#c30">/usr/share/licenses/appgate-sdp&#34;</span>
cp -v <span style="color:#c30">&#34;</span><span style="color:#033">$pkgdir</span><span style="color:#c30">/usr/share/doc/appgate/copyright&#34;</span> <span style="color:#c30">&#34;</span><span style="color:#033">$pkgdir</span><span style="color:#c30">/usr/share/licenses/appgate-sdp&#34;</span>
cp -v <span style="color:#c30">&#34;</span><span style="color:#033">$pkgdir</span><span style="color:#c30">/usr/share/doc/appgate/LICENSE.github&#34;</span> <span style="color:#c30">&#34;</span><span style="color:#033">$pkgdir</span><span style="color:#c30">/usr/share/licenses/appgate-sdp&#34;</span>
cp -v <span style="color:#c30">&#34;</span><span style="color:#033">$pkgdir</span><span style="color:#c30">/usr/share/doc/appgate/LICENSES.chromium.html.bz2&#34;</span> <span style="color:#c30">&#34;</span><span style="color:#033">$pkgdir</span><span style="color:#c30">/usr/share/licenses/appgate-sdp&#34;</span>
<span style="color:#555">}</span>
<span style="color:#033">md5sums</span><span style="color:#555">=(</span><span style="color:#c30">&#39;17101aac7623c06d5fbb95f50cf3dbdc&#39;</span>
<span style="color:#c30">&#39;002644116e20b2d79fdb36b7677ab4cf&#39;</span><span style="color:#555">)</span>
</code></pre></div><p>Let&rsquo;s first make sure we have some dependencies. If you do not have <a href="https://github.com/Jguer/yay">yay</a>, check it out.</p>
<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-shell" data-lang="shell">yay -S dnsmasq gconf
</code></pre></div><p>Now, let&rsquo;s install it:</p>
<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-shell" data-lang="shell">makepkg -si
</code></pre></div><h1 id="running-the-client">Running the client</h1>
<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-shell" data-lang="shell"><span style="display:flex;"><span>git clone https://aur.archlinux.org/appgate-sdp.git
</span></span><span style="display:flex;"><span><span style="color:#366">cd</span> appgate-sdp
</span></span></code></pre></div><p>You&rsquo;ll likely notice that the version is not what we want, so let&rsquo;s modify the <code>PKGBUILD</code> to the following:</p>
<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-shell" data-lang="shell"><span style="display:flex;"><span><span style="color:#09f;font-style:italic"># Maintainer: Pawel Mosakowski &lt;pawel at mosakowski dot net&gt;</span>
</span></span><span style="display:flex;"><span><span style="color:#033">pkgname</span><span style="color:#555">=</span>appgate-sdp
</span></span><span style="display:flex;"><span><span style="color:#033">conflicts</span><span style="color:#555">=(</span><span style="color:#c30">&#39;appgate-sdp-headless&#39;</span><span style="color:#555">)</span>
</span></span><span style="display:flex;"><span><span style="color:#033">pkgver</span><span style="color:#555">=</span>4.3.2
</span></span><span style="display:flex;"><span><span style="color:#033">_download_pkgver</span><span style="color:#555">=</span>4.3
</span></span><span style="display:flex;"><span><span style="color:#033">pkgrel</span><span style="color:#555">=</span><span style="color:#f60">1</span>
</span></span><span style="display:flex;"><span><span style="color:#033">epoch</span><span style="color:#555">=</span>
</span></span><span style="display:flex;"><span><span style="color:#033">pkgdesc</span><span style="color:#555">=</span><span style="color:#c30">&#34;Software Defined Perimeter - GUI client&#34;</span>
</span></span><span style="display:flex;"><span><span style="color:#033">arch</span><span style="color:#555">=(</span><span style="color:#c30">&#39;x86_64&#39;</span><span style="color:#555">)</span>
</span></span><span style="display:flex;"><span><span style="color:#033">url</span><span style="color:#555">=</span><span style="color:#c30">&#34;https://www.cyxtera.com/essential-defense/appgate-sdp/support&#34;</span>
</span></span><span style="display:flex;"><span><span style="color:#033">license</span><span style="color:#555">=(</span><span style="color:#c30">&#39;custom&#39;</span><span style="color:#555">)</span>
</span></span><span style="display:flex;"><span><span style="color:#09f;font-style:italic"># dependecies calculated by namcap</span>
</span></span><span style="display:flex;"><span><span style="color:#033">depends</span><span style="color:#555">=(</span><span style="color:#c30">&#39;gconf&#39;</span> <span style="color:#c30">&#39;libsecret&#39;</span> <span style="color:#c30">&#39;gtk3&#39;</span> <span style="color:#c30">&#39;python&#39;</span> <span style="color:#c30">&#39;nss&#39;</span> <span style="color:#c30">&#39;libxss&#39;</span> <span style="color:#c30">&#39;nodejs&#39;</span> <span style="color:#c30">&#39;dnsmasq&#39;</span><span style="color:#555">)</span>
</span></span><span style="display:flex;"><span><span style="color:#033">source</span><span style="color:#555">=(</span><span style="color:#c30">&#34;https://sdpdownloads.cyxtera.com/AppGate-SDP-</span><span style="color:#a00">${</span><span style="color:#033">_download_pkgver</span><span style="color:#a00">}</span><span style="color:#c30">/clients/</span><span style="color:#a00">${</span><span style="color:#033">pkgname</span><span style="color:#a00">}</span><span style="color:#c30">_</span><span style="color:#a00">${</span><span style="color:#033">pkgver</span><span style="color:#a00">}</span><span style="color:#c30">_amd64.deb&#34;</span>
</span></span><span style="display:flex;"><span> <span style="color:#c30">&#34;appgatedriver.service&#34;</span><span style="color:#555">)</span>
</span></span><span style="display:flex;"><span><span style="color:#033">options</span><span style="color:#555">=(</span>staticlibs<span style="color:#555">)</span>
</span></span><span style="display:flex;"><span>prepare<span style="color:#555">()</span> <span style="color:#555">{</span>
</span></span><span style="display:flex;"><span> tar -xf data.tar.xz
</span></span><span style="display:flex;"><span><span style="color:#555">}</span>
</span></span><span style="display:flex;"><span>package<span style="color:#555">()</span> <span style="color:#555">{</span>
</span></span><span style="display:flex;"><span> cp -dpr <span style="color:#c30">&#34;</span><span style="color:#a00">${</span><span style="color:#033">srcdir</span><span style="color:#a00">}</span><span style="color:#c30">&#34;</span>/<span style="color:#555">{</span>etc,lib,opt,usr<span style="color:#555">}</span> <span style="color:#c30">&#34;</span><span style="color:#a00">${</span><span style="color:#033">pkgdir</span><span style="color:#a00">}</span><span style="color:#c30">&#34;</span>
</span></span><span style="display:flex;"><span> mv -v <span style="color:#c30">&#34;</span><span style="color:#033">$pkgdir</span><span style="color:#c30">/lib/systemd/system&#34;</span> <span style="color:#c30">&#34;</span><span style="color:#033">$pkgdir</span><span style="color:#c30">/usr/lib/systemd/&#34;</span>
</span></span><span style="display:flex;"><span> rm -vrf <span style="color:#c30">&#34;</span><span style="color:#033">$pkgdir</span><span style="color:#c30">/lib&#34;</span>
</span></span><span style="display:flex;"><span> cp -v <span style="color:#c30">&#34;</span><span style="color:#033">$srcdir</span><span style="color:#c30">/appgatedriver.service&#34;</span> <span style="color:#c30">&#34;</span><span style="color:#033">$pkgdir</span><span style="color:#c30">/usr/lib/systemd/system/appgatedriver.service&#34;</span>
</span></span><span style="display:flex;"><span> mkdir -vp <span style="color:#c30">&#34;</span><span style="color:#033">$pkgdir</span><span style="color:#c30">/usr/share/licenses/appgate-sdp&#34;</span>
</span></span><span style="display:flex;"><span> cp -v <span style="color:#c30">&#34;</span><span style="color:#033">$pkgdir</span><span style="color:#c30">/usr/share/doc/appgate/copyright&#34;</span> <span style="color:#c30">&#34;</span><span style="color:#033">$pkgdir</span><span style="color:#c30">/usr/share/licenses/appgate-sdp&#34;</span>
</span></span><span style="display:flex;"><span> cp -v <span style="color:#c30">&#34;</span><span style="color:#033">$pkgdir</span><span style="color:#c30">/usr/share/doc/appgate/LICENSE.github&#34;</span> <span style="color:#c30">&#34;</span><span style="color:#033">$pkgdir</span><span style="color:#c30">/usr/share/licenses/appgate-sdp&#34;</span>
</span></span><span style="display:flex;"><span> cp -v <span style="color:#c30">&#34;</span><span style="color:#033">$pkgdir</span><span style="color:#c30">/usr/share/doc/appgate/LICENSES.chromium.html.bz2&#34;</span> <span style="color:#c30">&#34;</span><span style="color:#033">$pkgdir</span><span style="color:#c30">/usr/share/licenses/appgate-sdp&#34;</span>
</span></span><span style="display:flex;"><span><span style="color:#555">}</span>
</span></span><span style="display:flex;"><span><span style="color:#033">md5sums</span><span style="color:#555">=(</span><span style="color:#c30">&#39;17101aac7623c06d5fbb95f50cf3dbdc&#39;</span>
</span></span><span style="display:flex;"><span> <span style="color:#c30">&#39;002644116e20b2d79fdb36b7677ab4cf&#39;</span><span style="color:#555">)</span>
</span></span></code></pre></div><p>Let&rsquo;s first make sure we have some dependencies. If you do not have <a href="https://github.com/Jguer/yay">yay</a>, check it out.</p>
<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-shell" data-lang="shell"><span style="display:flex;"><span>yay -S dnsmasq gconf
</span></span></code></pre></div><p>Now, let&rsquo;s install it:</p>
<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-shell" data-lang="shell"><span style="display:flex;"><span>makepkg -si
</span></span></code></pre></div><h1 id="running-the-client">Running the client</h1>
<p>Ok, let&rsquo;s run the client by executing <code>appgate</code>.</p>
<p>It complains about not being able to connect.</p>
<p>Easy fix:</p>
<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-shell" data-lang="shell">sudo systemctl start appgatedriver.service
</code></pre></div><p>Now we should be connected&hellip; but DNS is not working?</p>
<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-shell" data-lang="shell"><span style="display:flex;"><span>sudo systemctl start appgatedriver.service
</span></span></code></pre></div><p>Now we should be connected&hellip; but DNS is not working?</p>
<h1 id="fixing-the-dns">Fixing the DNS</h1>
<p>Running <code>resolvectl</code> should display that something is not right.</p>
<p>Why is the DNS not being set by appgate?</p>
<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-shell" data-lang="shell">$ head -3 /opt/appgate/linux/set_dns
<span style="color:#09f;font-style:italic">#!/usr/bin/env python3</span>
<span style="color:#c30">&#39;&#39;</span><span style="color:#a00;background-color:#faa">&#39;</span>
This is used to <span style="color:#366">set</span> and <span style="color:#366">unset</span> the DNS.
</code></pre></div><p>It seems like python3 is required for the DNS setting to happen.
<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-shell" data-lang="shell"><span style="display:flex;"><span>$ head -3 /opt/appgate/linux/set_dns
</span></span><span style="display:flex;"><span><span style="color:#09f;font-style:italic">#!/usr/bin/env python3</span>
</span></span><span style="display:flex;"><span><span style="color:#c30">&#39;&#39;</span><span style="color:#a00;background-color:#faa">&#39;</span>
</span></span><span style="display:flex;"><span>This is used to <span style="color:#366">set</span> and <span style="color:#366">unset</span> the DNS.
</span></span></code></pre></div><p>It seems like python3 is required for the DNS setting to happen.
Let&rsquo;s try to run it.</p>
<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-shell" data-lang="shell">$ sudo /opt/appgate/linux/set_dns
/opt/appgate/linux/set_dns:88: SyntaxWarning: <span style="color:#c30">&#34;is&#34;</span> with a literal. Did you mean <span style="color:#c30">&#34;==&#34;</span>?
<span style="color:#033">servers</span> <span style="color:#555">=</span> <span style="color:#555">[(</span> socket.AF_INET <span style="color:#069;font-weight:bold">if</span> x.version is <span style="color:#f60">4</span> <span style="color:#069;font-weight:bold">else</span> socket.AF_INET6, map<span style="color:#555">(</span>int, x.packed<span style="color:#555">))</span> <span style="color:#069;font-weight:bold">for</span> x in servers<span style="color:#555">]</span>
Traceback <span style="color:#555">(</span>most recent call last<span style="color:#555">)</span>:
File <span style="color:#c30">&#34;/opt/appgate/linux/set_dns&#34;</span>, line 30, in &lt;module&gt;
import dbus
ModuleNotFoundError: No module named <span style="color:#c30">&#39;dbus&#39;</span>
</code></pre></div><p>Ok, let&rsquo;s install it:</p>
<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-shell" data-lang="shell">$ sudo python3.8 -m pip install dbus-python
</code></pre></div><p>Will it work now? Not yet. There&rsquo;s another issue:</p>
<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-shell" data-lang="shell">$ sudo /opt/appgate/linux/set_dns
/opt/appgate/linux/set_dns:88: SyntaxWarning: <span style="color:#c30">&#34;is&#34;</span> with a literal. Did you mean <span style="color:#c30">&#34;==&#34;</span>?
<span style="color:#033">servers</span> <span style="color:#555">=</span> <span style="color:#555">[(</span> socket.AF_INET <span style="color:#069;font-weight:bold">if</span> x.version is <span style="color:#f60">4</span> <span style="color:#069;font-weight:bold">else</span> socket.AF_INET6, map<span style="color:#555">(</span>int, x.packed<span style="color:#555">))</span> <span style="color:#069;font-weight:bold">for</span> x in servers<span style="color:#555">]</span>
module <span style="color:#c30">&#39;platform&#39;</span> has no attribute <span style="color:#c30">&#39;linux_distribution&#39;</span>
</code></pre></div><p>This is a breaking change in Python3.8.</p>
<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-shell" data-lang="shell"><span style="display:flex;"><span>$ sudo /opt/appgate/linux/set_dns
</span></span><span style="display:flex;"><span>/opt/appgate/linux/set_dns:88: SyntaxWarning: <span style="color:#c30">&#34;is&#34;</span> with a literal. Did you mean <span style="color:#c30">&#34;==&#34;</span>?
</span></span><span style="display:flex;"><span> <span style="color:#033">servers</span> <span style="color:#555">=</span> <span style="color:#555">[(</span> socket.AF_INET <span style="color:#069;font-weight:bold">if</span> x.version is <span style="color:#f60">4</span> <span style="color:#069;font-weight:bold">else</span> socket.AF_INET6, map<span style="color:#555">(</span>int, x.packed<span style="color:#555">))</span> <span style="color:#069;font-weight:bold">for</span> x in servers<span style="color:#555">]</span>
</span></span><span style="display:flex;"><span>Traceback <span style="color:#555">(</span>most recent call last<span style="color:#555">)</span>:
</span></span><span style="display:flex;"><span> File <span style="color:#c30">&#34;/opt/appgate/linux/set_dns&#34;</span>, line 30, in &lt;module&gt;
</span></span><span style="display:flex;"><span> import dbus
</span></span><span style="display:flex;"><span>ModuleNotFoundError: No module named <span style="color:#c30">&#39;dbus&#39;</span>
</span></span></code></pre></div><p>Ok, let&rsquo;s install it:</p>
<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-shell" data-lang="shell"><span style="display:flex;"><span>$ sudo python3.8 -m pip install dbus-python
</span></span></code></pre></div><p>Will it work now? Not yet. There&rsquo;s another issue:</p>
<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-shell" data-lang="shell"><span style="display:flex;"><span>$ sudo /opt/appgate/linux/set_dns
</span></span><span style="display:flex;"><span>/opt/appgate/linux/set_dns:88: SyntaxWarning: <span style="color:#c30">&#34;is&#34;</span> with a literal. Did you mean <span style="color:#c30">&#34;==&#34;</span>?
</span></span><span style="display:flex;"><span> <span style="color:#033">servers</span> <span style="color:#555">=</span> <span style="color:#555">[(</span> socket.AF_INET <span style="color:#069;font-weight:bold">if</span> x.version is <span style="color:#f60">4</span> <span style="color:#069;font-weight:bold">else</span> socket.AF_INET6, map<span style="color:#555">(</span>int, x.packed<span style="color:#555">))</span> <span style="color:#069;font-weight:bold">for</span> x in servers<span style="color:#555">]</span>
</span></span><span style="display:flex;"><span>module <span style="color:#c30">&#39;platform&#39;</span> has no attribute <span style="color:#c30">&#39;linux_distribution&#39;</span>
</span></span></code></pre></div><p>This is a breaking change in Python3.8.</p>
<p>So what is calling <code>platform.linux_distribution</code>?</p>
<p>Let&rsquo;s search for it:</p>
<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-shell" data-lang="shell">$ sudo grep -r <span style="color:#c30">&#39;linux_distribution&#39;</span> /opt/appgate/linux/
/opt/appgate/linux/nm.py: <span style="color:#069;font-weight:bold">if</span> platform.linux_distribution<span style="color:#555">()[</span>0<span style="color:#555">]</span> !<span style="color:#555">=</span> <span style="color:#c30">&#39;Fedora&#39;</span>:
</code></pre></div><p>Aha! So this is in the local AppGate source code. This should be an easy fix. Let&rsquo;s just replace this line with:</p>
<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-python" data-lang="python"><span style="color:#069;font-weight:bold">if</span> <span style="color:#069;font-weight:bold">True</span>: <span style="color:#09f;font-style:italic"># Since we are not using Fedora :)</span>
</code></pre></div><h1 id="wrapping-up">Wrapping up</h1>
<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-shell" data-lang="shell"><span style="display:flex;"><span>$ sudo grep -r <span style="color:#c30">&#39;linux_distribution&#39;</span> /opt/appgate/linux/
</span></span><span style="display:flex;"><span>/opt/appgate/linux/nm.py: <span style="color:#069;font-weight:bold">if</span> platform.linux_distribution<span style="color:#555">()[</span>0<span style="color:#555">]</span> !<span style="color:#555">=</span> <span style="color:#c30">&#39;Fedora&#39;</span>:
</span></span></code></pre></div><p>Aha! So this is in the local AppGate source code. This should be an easy fix. Let&rsquo;s just replace this line with:</p>
<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-python" data-lang="python"><span style="display:flex;"><span><span style="color:#069;font-weight:bold">if</span> <span style="color:#069;font-weight:bold">True</span>: <span style="color:#09f;font-style:italic"># Since we are not using Fedora :)</span>
</span></span></code></pre></div><h1 id="wrapping-up">Wrapping up</h1>
<p>It turns out there are <a href="https://docs.python.org/3.7/library/platform.html#platform.linux_distribution">breaking changes</a> in Python3.8.</p>
<p>The docs say <code>Deprecated since version 3.5, will be removed in version 3.8: See alternative like the distro package.</code></p>
<p>I suppose this highlights one of the caveats of relying upon the system&rsquo;s python, rather than having an isolated, dedicated environment for all dependencies.</p>
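Review bot: In the PKGBUILD block, the closing md5sums=(...) array is the only integrity check on the .deb that makepkg -si goes on to install, and MD5 is not collision-resistant; since the block is being re-rendered anyway, change the source post to sha256sums=(...) with freshly computed digests. The empty epoch= assignment in the same block can simply be removed. Further down, sudo python3.8 -m pip install dbus-python puts a pip-installed module into the system interpreter as root, which is the coupling the closing paragraph warns about; the distribution's packaged D-Bus binding would keep it under the package manager's control. The if True: edit to /opt/appgate/linux/nm.py also deserves a sentence noting that the file is shipped by the package (package() copies opt into pkgdir), so the edit is overwritten on reinstall.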

@@ -11,7 +11,7 @@
<meta property='og:site_name' content='davegallant'>
<meta property='og:type' content='article'><meta property='article:section' content='post'><meta property='article:tag' content='tailscale'><meta property='article:tag' content='homelab'><meta property='article:tag' content='netdata'><meta property='article:tag' content='jellyfin'><meta property='article:tag' content='plex'><meta property='article:tag' content='pihole'><meta property='article:tag' content='virtualization'><meta property='article:tag' content='adguard'><meta property='article:tag' content='grafana'><meta property='article:published_time' content='2021-09-06T01:12:54-04:00'/><meta property='article:modified_time' content='2021-09-06T01:12:54-04:00'/><meta name='twitter:card' content='summary'>
<meta name="generator" content="Hugo 0.92.2" />
<meta name="generator" content="Hugo 0.99.1" />
<title>What To Do With A Homelab • davegallant</title>
<link rel='canonical' href='/blog/2021/09/06/what-to-do-with-a-homelab/'>

@@ -11,7 +11,7 @@
<meta property='og:site_name' content='davegallant'>
<meta property='og:type' content='article'><meta property='article:section' content='post'><meta property='article:tag' content='nix'><meta property='article:tag' content='dotfiles'><meta property='article:tag' content='home-manager'><meta property='article:published_time' content='2021-09-08T00:42:33-04:00'/><meta property='article:modified_time' content='2021-09-08T00:42:33-04:00'/><meta name='twitter:card' content='summary'>
<meta name="generator" content="Hugo 0.92.2" />
<meta name="generator" content="Hugo 0.99.1" />
<title>Why I Threw Out My Dotfiles • davegallant</title>
<link rel='canonical' href='/blog/2021/09/08/why-i-threw-out-my-dotfiles/'>
@@ -310,9 +310,9 @@ if (!doNotTrack) {
<h2 id="what-is-home-manager">What is home-manager?</h2>
<p>Before understanding home-manager, it is worth briefly discussing what nix is. <a href="https://nixos.org/">nix</a> is a package manager that originally spawned from a <a href="https://edolstra.github.io/pubs/phd-thesis.pdf">PhD thesis</a>. Unlike other package managers, it uses symbolic links to keep track of the currently installed packages, keeping around the old ones in case you may want to rollback.</p>
<p>For example, I have used nix to install the package <a href="https://search.nixos.org/packages?channel=unstable&amp;show=bind&amp;from=0&amp;size=50&amp;sort=relevance&amp;type=packages&amp;query=bind">bind</a> which includes <code>dig</code>. You can see that it is available on multiple platforms. The absolute path of <code>dig</code> can be found by running:</p>
<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-console" data-lang="console"><span style="color:#009;font-weight:bold">$ </span>ls -lh <span style="color:#069;font-weight:bold">$(</span>which dig<span style="color:#069;font-weight:bold">)</span>
<span style="color:#aaa">lrwxr-xr-x 73 root 31 Dec 1969 /run/current-system/sw/bin/dig -&gt; /nix/store/0r4qdyprljd3dki57jn6c6a8dh2rbg9g-bind-9.16.16-dnsutils/bin/dig
</span></code></pre></div><p>Notice that there is a hash included in the file path? This is a nix store path and is computed by the nix package manager. This <a href="https://nixos.org/guides/nix-pills/nix-store-paths.html">nix pill</a> does a good job explaining how this hash is computed. All of the nix pills are worth a read, if you are interested in learning more about nix itself. However, using home-manager does not require extensive knowledge of nix.</p>
<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-console" data-lang="console"><span style="display:flex;"><span><span style="color:#009;font-weight:bold">$</span> ls -lh <span style="color:#069;font-weight:bold">$(</span>which dig<span style="color:#069;font-weight:bold">)</span>
</span></span><span style="display:flex;"><span><span style="color:#aaa">lrwxr-xr-x 73 root 31 Dec 1969 /run/current-system/sw/bin/dig -&gt; /nix/store/0r4qdyprljd3dki57jn6c6a8dh2rbg9g-bind-9.16.16-dnsutils/bin/dig
</span></span></span></code></pre></div><p>Notice that there is a hash included in the file path? This is a nix store path and is computed by the nix package manager. This <a href="https://nixos.org/guides/nix-pills/nix-store-paths.html">nix pill</a> does a good job explaining how this hash is computed. All of the nix pills are worth a read, if you are interested in learning more about nix itself. However, using home-manager does not require extensive knowledge of nix.</p>
<p>Part of the nix ecosystem includes <a href="https://github.com/NixOS/nixpkgs">nixpkgs</a>. Many popular tools can be found already packaged in this repository. As you can see with these <a href="https://repology.org/repositories/statistics/total">stats</a>, there is a large number of existing packages that are being maintained by the community. Contributing a new package is easy, and anyone can do it!</p>
<p>home-manager leverages the nix package manager (and nixpkgs), as well the nix language so that you can declaratively define your system configuration. I store my <a href="https://github.com/davegallant/nix-config">nix-config</a> in git so that I can keep track of my packages and configurations, and retain a clean and informative git commit history so that I can understand what changed and why.</p>
<h2 id="setting-up-home-manager">Setting up home-manager</h2>
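Review bot: In the console block and the paragraph after it, the only change is highlighter markup: every line is now wrapped in `<span style="display:flex;"><span>` and the `<pre>` style gains a trailing semicolon, while the `dig` symlink output and the nix store path paragraph read word for word the same before and after. That does not match a commit described as a wording update to backing-up-gmail-with-synology.md. Consider keeping regenerated HTML out of the content commit, or building the site in CI, so the actual wording change can be reviewed on its own.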
@@ -320,117 +320,117 @@ if (!doNotTrack) {
<p>⚠️ If you run this on your main machine, make sure you backup your configuration files first. home-manager is pretty good about not overwriting existing configuration, but it is better to have a backup! Alternatively, you could test this out on a VM or cloud instance.</p>
</blockquote>
<p>The first thing you should do is <a href="https://nixos.org/guides/install-nix.html">install nix</a>:</p>
<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-shell" data-lang="shell">curl -L https://nixos.org/nix/install | sh
</code></pre></div><p>It&rsquo;s generally not a good idea to curl and execute files from the internet (without verifying integrity), so you might want to download the install script first and take a look before executing it!</p>
<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-shell" data-lang="shell"><span style="display:flex;"><span>curl -L https://nixos.org/nix/install | sh
</span></span></code></pre></div><p>It&rsquo;s generally not a good idea to curl and execute files from the internet (without verifying integrity), so you might want to download the install script first and take a look before executing it!</p>
<p>Open up a new shell in your terminal and running <code>nix</code> <em>should</em> work. If not, run <code>. ~/.nix-profile/etc/profile.d/nix.sh</code></p>
<p>Now, <a href="https://github.com/nix-community/home-manager#installation">install home-manager</a>:</p>
<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-shell" data-lang="shell">nix-channel --add https://github.com/nix-community/home-manager/archive/master.tar.gz home-manager
nix-channel --update
nix-shell <span style="color:#c30">&#39;&lt;home-manager&gt;&#39;</span> -A install
</code></pre></div><p>You should see a wave of <code>/nix/store/*</code> paths being displayed on your screen.</p>
<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-shell" data-lang="shell"><span style="display:flex;"><span>nix-channel --add https://github.com/nix-community/home-manager/archive/master.tar.gz home-manager
</span></span><span style="display:flex;"><span>nix-channel --update
</span></span><span style="display:flex;"><span>nix-shell <span style="color:#c30">&#39;&lt;home-manager&gt;&#39;</span> -A install
</span></span></code></pre></div><p>You should see a wave of <code>/nix/store/*</code> paths being displayed on your screen.</p>
<p>Now, to start off with a basic configuration, open up <code>~/.config/nixpkgs/home.nix</code> in the editor of your choice and paste this in (you will want to change <code>userName</code> and <code>homeDirectory</code>):</p>
<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-nix" data-lang="nix">{ config<span style="color:#555">,</span> pkgs<span style="color:#555">,</span> <span style="color:#555">...</span> }:
{
programs<span style="color:#555">.</span>home-manager<span style="color:#555">.</span>enable <span style="color:#555">=</span> <span style="color:#360">true</span>;
home <span style="color:#555">=</span> {
username <span style="color:#555">=</span> <span style="color:#c30">&#34;dave&#34;</span>;
homeDirectory <span style="color:#555">=</span> <span style="color:#c30">&#34;/home/dave&#34;</span>;
stateVersion <span style="color:#555">=</span> <span style="color:#c30">&#34;21.11&#34;</span>;
packages <span style="color:#555">=</span> <span style="color:#069;font-weight:bold">with</span> pkgs; [
bind
exa
fd
ripgrep
];
};
programs <span style="color:#555">=</span> {
git <span style="color:#555">=</span> {
enable <span style="color:#555">=</span> <span style="color:#360">true</span>;
aliases <span style="color:#555">=</span> {
aa <span style="color:#555">=</span> <span style="color:#c30">&#34;add -A .&#34;</span>;
br <span style="color:#555">=</span> <span style="color:#c30">&#34;branch&#34;</span>;
c <span style="color:#555">=</span> <span style="color:#c30">&#34;commit -S&#34;</span>;
ca <span style="color:#555">=</span> <span style="color:#c30">&#34;commit -S --amend&#34;</span>;
cb <span style="color:#555">=</span> <span style="color:#c30">&#34;checkout -b&#34;</span>;
co <span style="color:#555">=</span> <span style="color:#c30">&#34;checkout&#34;</span>;
d <span style="color:#555">=</span> <span style="color:#c30">&#34;diff&#34;</span>;
l <span style="color:#555">=</span>
<span style="color:#c30">&#34;log --graph --pretty=format:&#39;%Cred%h%Creset -%C(yellow)%d%Creset %s %Cgreen(%cr) %C(bold blue)&lt;%an&gt;%Creset&#39; --abbrev-commit&#34;</span>;
};
delta <span style="color:#555">=</span> {
enable <span style="color:#555">=</span> <span style="color:#360">true</span>;
options <span style="color:#555">=</span> {
features <span style="color:#555">=</span> <span style="color:#c30">&#34;line-numbers decorations&#34;</span>;
whitespace-error-style <span style="color:#555">=</span> <span style="color:#c30">&#34;22 reverse&#34;</span>;
plus-style <span style="color:#555">=</span> <span style="color:#c30">&#34;green bold ul &#39;#198214&#39;&#34;</span>;
decorations <span style="color:#555">=</span> {
commit-decoration-style <span style="color:#555">=</span> <span style="color:#c30">&#34;bold yellow box ul&#34;</span>;
file-style <span style="color:#555">=</span> <span style="color:#c30">&#34;bold yellow ul&#34;</span>;
file-decoration-style <span style="color:#555">=</span> <span style="color:#c30">&#34;none&#34;</span>;
};
};
};
extraConfig <span style="color:#555">=</span> {
push <span style="color:#555">=</span> { default <span style="color:#555">=</span> <span style="color:#c30">&#34;current&#34;</span>; };
pull <span style="color:#555">=</span> { rebase <span style="color:#555">=</span> <span style="color:#360">true</span>; };
};
};
starship <span style="color:#555">=</span> {
enable <span style="color:#555">=</span> <span style="color:#360">true</span>;
enableZshIntegration <span style="color:#555">=</span> <span style="color:#360">true</span>;
settings <span style="color:#555">=</span> {
add_newline <span style="color:#555">=</span> <span style="color:#360">false</span>;
scan_timeout <span style="color:#555">=</span> <span style="color:#f60">10</span>;
};
};
zsh <span style="color:#555">=</span> {
enable <span style="color:#555">=</span> <span style="color:#360">true</span>;
enableAutosuggestions <span style="color:#555">=</span> <span style="color:#360">true</span>;
enableSyntaxHighlighting <span style="color:#555">=</span> <span style="color:#360">true</span>;
history<span style="color:#555">.</span>size <span style="color:#555">=</span> <span style="color:#f60">1000000</span>;
localVariables <span style="color:#555">=</span> {
CASE_SENSITIVE <span style="color:#555">=</span> <span style="color:#c30">&#34;true&#34;</span>;
DISABLE_UNTRACKED_FILES_DIRTY <span style="color:#555">=</span> <span style="color:#c30">&#34;true&#34;</span>;
RPROMPT <span style="color:#555">=</span> <span style="color:#c30">&#34;&#34;</span>; <span style="color:#09f;font-style:italic"># override because macOS defaults to filepath</span>
ZSH_AUTOSUGGEST_HIGHLIGHT_STYLE <span style="color:#555">=</span> <span style="color:#c30">&#34;fg=#838383,underline&#34;</span>;
ZSH_DISABLE_COMPFIX <span style="color:#555">=</span> <span style="color:#c30">&#34;true&#34;</span>;
};
initExtra <span style="color:#555">=</span> <span style="color:#c30">&#39;&#39;
</span><span style="color:#c30"> export PAGER=less
</span><span style="color:#c30"> &#39;&#39;</span>;
shellAliases <span style="color:#555">=</span> {
<span style="color:#c30">&#34;..&#34;</span> <span style="color:#555">=</span> <span style="color:#c30">&#34;cd ..&#34;</span>;
grep <span style="color:#555">=</span> <span style="color:#c30">&#34;rg --smart-case&#34;</span>;
ls <span style="color:#555">=</span> <span style="color:#c30">&#34;exa -la --git&#34;</span>;
};
<span style="color:#c30">&#34;oh-my-zsh&#34;</span> <span style="color:#555">=</span> {
enable <span style="color:#555">=</span> <span style="color:#360">true</span>;
plugins <span style="color:#555">=</span> [
<span style="color:#c30">&#34;gitfast&#34;</span>
<span style="color:#c30">&#34;last-working-dir&#34;</span>
];
};
};
};
}
</code></pre></div><p>Save the file and run:</p>
<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-nix" data-lang="nix"><span style="display:flex;"><span>{ config<span style="color:#555">,</span> pkgs<span style="color:#555">,</span> <span style="color:#555">...</span> }:
</span></span><span style="display:flex;"><span>
</span></span><span style="display:flex;"><span>{
</span></span><span style="display:flex;"><span> programs<span style="color:#555">.</span>home-manager<span style="color:#555">.</span>enable <span style="color:#555">=</span> <span style="color:#360">true</span>;
</span></span><span style="display:flex;"><span>
</span></span><span style="display:flex;"><span> home <span style="color:#555">=</span> {
</span></span><span style="display:flex;"><span> username <span style="color:#555">=</span> <span style="color:#c30">&#34;dave&#34;</span>;
</span></span><span style="display:flex;"><span> homeDirectory <span style="color:#555">=</span> <span style="color:#c30">&#34;/home/dave&#34;</span>;
</span></span><span style="display:flex;"><span> stateVersion <span style="color:#555">=</span> <span style="color:#c30">&#34;21.11&#34;</span>;
</span></span><span style="display:flex;"><span> packages <span style="color:#555">=</span> <span style="color:#069;font-weight:bold">with</span> pkgs; [
</span></span><span style="display:flex;"><span> bind
</span></span><span style="display:flex;"><span> exa
</span></span><span style="display:flex;"><span> fd
</span></span><span style="display:flex;"><span> ripgrep
</span></span><span style="display:flex;"><span> ];
</span></span><span style="display:flex;"><span> };
</span></span><span style="display:flex;"><span>
</span></span><span style="display:flex;"><span> programs <span style="color:#555">=</span> {
</span></span><span style="display:flex;"><span>
</span></span><span style="display:flex;"><span> git <span style="color:#555">=</span> {
</span></span><span style="display:flex;"><span> enable <span style="color:#555">=</span> <span style="color:#360">true</span>;
</span></span><span style="display:flex;"><span> aliases <span style="color:#555">=</span> {
</span></span><span style="display:flex;"><span> aa <span style="color:#555">=</span> <span style="color:#c30">&#34;add -A .&#34;</span>;
</span></span><span style="display:flex;"><span> br <span style="color:#555">=</span> <span style="color:#c30">&#34;branch&#34;</span>;
</span></span><span style="display:flex;"><span> c <span style="color:#555">=</span> <span style="color:#c30">&#34;commit -S&#34;</span>;
</span></span><span style="display:flex;"><span> ca <span style="color:#555">=</span> <span style="color:#c30">&#34;commit -S --amend&#34;</span>;
</span></span><span style="display:flex;"><span> cb <span style="color:#555">=</span> <span style="color:#c30">&#34;checkout -b&#34;</span>;
</span></span><span style="display:flex;"><span> co <span style="color:#555">=</span> <span style="color:#c30">&#34;checkout&#34;</span>;
</span></span><span style="display:flex;"><span> d <span style="color:#555">=</span> <span style="color:#c30">&#34;diff&#34;</span>;
</span></span><span style="display:flex;"><span> l <span style="color:#555">=</span>
</span></span><span style="display:flex;"><span> <span style="color:#c30">&#34;log --graph --pretty=format:&#39;%Cred%h%Creset -%C(yellow)%d%Creset %s %Cgreen(%cr) %C(bold blue)&lt;%an&gt;%Creset&#39; --abbrev-commit&#34;</span>;
</span></span><span style="display:flex;"><span> };
</span></span><span style="display:flex;"><span>
</span></span><span style="display:flex;"><span> delta <span style="color:#555">=</span> {
</span></span><span style="display:flex;"><span> enable <span style="color:#555">=</span> <span style="color:#360">true</span>;
</span></span><span style="display:flex;"><span>
</span></span><span style="display:flex;"><span> options <span style="color:#555">=</span> {
</span></span><span style="display:flex;"><span> features <span style="color:#555">=</span> <span style="color:#c30">&#34;line-numbers decorations&#34;</span>;
</span></span><span style="display:flex;"><span> whitespace-error-style <span style="color:#555">=</span> <span style="color:#c30">&#34;22 reverse&#34;</span>;
</span></span><span style="display:flex;"><span> plus-style <span style="color:#555">=</span> <span style="color:#c30">&#34;green bold ul &#39;#198214&#39;&#34;</span>;
</span></span><span style="display:flex;"><span> decorations <span style="color:#555">=</span> {
</span></span><span style="display:flex;"><span> commit-decoration-style <span style="color:#555">=</span> <span style="color:#c30">&#34;bold yellow box ul&#34;</span>;
</span></span><span style="display:flex;"><span> file-style <span style="color:#555">=</span> <span style="color:#c30">&#34;bold yellow ul&#34;</span>;
</span></span><span style="display:flex;"><span> file-decoration-style <span style="color:#555">=</span> <span style="color:#c30">&#34;none&#34;</span>;
</span></span><span style="display:flex;"><span> };
</span></span><span style="display:flex;"><span> };
</span></span><span style="display:flex;"><span> };
</span></span><span style="display:flex;"><span>
</span></span><span style="display:flex;"><span> extraConfig <span style="color:#555">=</span> {
</span></span><span style="display:flex;"><span> push <span style="color:#555">=</span> { default <span style="color:#555">=</span> <span style="color:#c30">&#34;current&#34;</span>; };
</span></span><span style="display:flex;"><span> pull <span style="color:#555">=</span> { rebase <span style="color:#555">=</span> <span style="color:#360">true</span>; };
</span></span><span style="display:flex;"><span> };
</span></span><span style="display:flex;"><span>
</span></span><span style="display:flex;"><span> };
</span></span><span style="display:flex;"><span>
</span></span><span style="display:flex;"><span> starship <span style="color:#555">=</span> {
</span></span><span style="display:flex;"><span> enable <span style="color:#555">=</span> <span style="color:#360">true</span>;
</span></span><span style="display:flex;"><span> enableZshIntegration <span style="color:#555">=</span> <span style="color:#360">true</span>;
</span></span><span style="display:flex;"><span>
</span></span><span style="display:flex;"><span> settings <span style="color:#555">=</span> {
</span></span><span style="display:flex;"><span> add_newline <span style="color:#555">=</span> <span style="color:#360">false</span>;
</span></span><span style="display:flex;"><span> scan_timeout <span style="color:#555">=</span> <span style="color:#f60">10</span>;
</span></span><span style="display:flex;"><span> };
</span></span><span style="display:flex;"><span> };
</span></span><span style="display:flex;"><span>
</span></span><span style="display:flex;"><span> zsh <span style="color:#555">=</span> {
</span></span><span style="display:flex;"><span> enable <span style="color:#555">=</span> <span style="color:#360">true</span>;
</span></span><span style="display:flex;"><span> enableAutosuggestions <span style="color:#555">=</span> <span style="color:#360">true</span>;
</span></span><span style="display:flex;"><span> enableSyntaxHighlighting <span style="color:#555">=</span> <span style="color:#360">true</span>;
</span></span><span style="display:flex;"><span> history<span style="color:#555">.</span>size <span style="color:#555">=</span> <span style="color:#f60">1000000</span>;
</span></span><span style="display:flex;"><span>
</span></span><span style="display:flex;"><span> localVariables <span style="color:#555">=</span> {
</span></span><span style="display:flex;"><span> CASE_SENSITIVE <span style="color:#555">=</span> <span style="color:#c30">&#34;true&#34;</span>;
</span></span><span style="display:flex;"><span> DISABLE_UNTRACKED_FILES_DIRTY <span style="color:#555">=</span> <span style="color:#c30">&#34;true&#34;</span>;
</span></span><span style="display:flex;"><span> RPROMPT <span style="color:#555">=</span> <span style="color:#c30">&#34;&#34;</span>; <span style="color:#09f;font-style:italic"># override because macOS defaults to filepath</span>
</span></span><span style="display:flex;"><span> ZSH_AUTOSUGGEST_HIGHLIGHT_STYLE <span style="color:#555">=</span> <span style="color:#c30">&#34;fg=#838383,underline&#34;</span>;
</span></span><span style="display:flex;"><span> ZSH_DISABLE_COMPFIX <span style="color:#555">=</span> <span style="color:#c30">&#34;true&#34;</span>;
</span></span><span style="display:flex;"><span> };
</span></span><span style="display:flex;"><span>
</span></span><span style="display:flex;"><span> initExtra <span style="color:#555">=</span> <span style="color:#c30">&#39;&#39;
</span></span></span><span style="display:flex;"><span><span style="color:#c30"> export PAGER=less
</span></span></span><span style="display:flex;"><span><span style="color:#c30"> &#39;&#39;</span>;
</span></span><span style="display:flex;"><span>
</span></span><span style="display:flex;"><span> shellAliases <span style="color:#555">=</span> {
</span></span><span style="display:flex;"><span> <span style="color:#c30">&#34;..&#34;</span> <span style="color:#555">=</span> <span style="color:#c30">&#34;cd ..&#34;</span>;
</span></span><span style="display:flex;"><span> grep <span style="color:#555">=</span> <span style="color:#c30">&#34;rg --smart-case&#34;</span>;
</span></span><span style="display:flex;"><span> ls <span style="color:#555">=</span> <span style="color:#c30">&#34;exa -la --git&#34;</span>;
</span></span><span style="display:flex;"><span> };
</span></span><span style="display:flex;"><span>
</span></span><span style="display:flex;"><span> <span style="color:#c30">&#34;oh-my-zsh&#34;</span> <span style="color:#555">=</span> {
</span></span><span style="display:flex;"><span> enable <span style="color:#555">=</span> <span style="color:#360">true</span>;
</span></span><span style="display:flex;"><span> plugins <span style="color:#555">=</span> [
</span></span><span style="display:flex;"><span> <span style="color:#c30">&#34;gitfast&#34;</span>
</span></span><span style="display:flex;"><span> <span style="color:#c30">&#34;last-working-dir&#34;</span>
</span></span><span style="display:flex;"><span> ];
</span></span><span style="display:flex;"><span> };
</span></span><span style="display:flex;"><span>
</span></span><span style="display:flex;"><span> };
</span></span><span style="display:flex;"><span>
</span></span><span style="display:flex;"><span> };
</span></span><span style="display:flex;"><span>}
</span></span></code></pre></div><p>Save the file and run:</p>
<pre tabindex="0"><code>home-manager switch
</code></pre><p>You should see another wave of <code>/nix/store/*</code> paths. The new configuration should now be active.</p>
<p>If you run <code>zsh</code>, you should see that you have <a href="https://starship.rs/">starship</a> and access to several other utils such as <code>rg</code>, <code>fd</code>, and <code>exa</code>.</p>
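Review bot: At the nix install step the rendered command is still `curl -L https://nixos.org/nix/install | sh`, while the next paragraph tells the reader not to curl and execute files without verifying integrity. Since the page is being regenerated anyway, the source post could lead with the download-and-inspect form so the snippet agrees with its own advice. The same concern applies to the home-manager step: the channel is added from `archive/master.tar.gz` while `stateVersion` is "21.11", so a reader gets whatever master contains at install time. Pointing the channel at a fixed release or revision would make the walkthrough reproducible. The hunk itself changes only the highlighter wrapper spans.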

View File

@@ -11,7 +11,7 @@
<meta property='og:site_name' content='davegallant'>
<meta property='og:type' content='article'><meta property='article:section' content='post'><meta property='article:tag' content='aws'><meta property='article:tag' content='python'><meta property='article:tag' content='security'><meta property='article:tag' content='aws-vault'><meta property='article:published_time' content='2021-09-17T12:48:33-04:00'/><meta property='article:modified_time' content='2021-09-17T12:48:33-04:00'/><meta name='twitter:card' content='summary'>
<meta name="generator" content="Hugo 0.92.2" />
<meta name="generator" content="Hugo 0.99.1" />
<title>Automatically Rotating AWS Access Keys • davegallant</title>
<link rel='canonical' href='/blog/2021/09/17/automatically-rotating-aws-access-keys/'>
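Review bot: The generator meta tag moves from `Hugo 0.92.2` to `Hugo 0.99.1` here, which is a toolchain upgrade rather than a wording change, and it is the likely reason this commit touches 88 files. Put the Hugo upgrade and the regeneration it causes in a commit of their own, with the version named in the message, so a later regression in the rendered output can be traced to the upgrade and not to the post edit.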

View File

@@ -11,7 +11,7 @@
<meta property='og:site_name' content='davegallant'>
<meta property='og:type' content='article'><meta property='article:section' content='post'><meta property='article:tag' content='docker'><meta property='article:tag' content='podman'><meta property='article:tag' content='containers'><meta property='article:published_time' content='2021-10-11T10:43:35-04:00'/><meta property='article:modified_time' content='2021-10-11T10:43:35-04:00'/><meta name='twitter:card' content='summary'>
<meta name="generator" content="Hugo 0.92.2" />
<meta name="generator" content="Hugo 0.99.1" />
<title>Replacing docker with podman on macOS (and Linux) • davegallant</title>
<link rel='canonical' href='/blog/2021/10/11/replacing-docker-with-podman-on-macos-and-linux/'>
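Review bot: `<meta name="generator" content="Hugo 0.99.1" />` publishes the exact build tool version on the page, and this hunk shows it being emitted for the podman post as well as the previous file. If that fingerprint is not wanted, drop the generator tag from the head template that emits it. Otherwise this line will keep producing a site-wide diff on every Hugo upgrade.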
@@ -321,65 +321,65 @@ if (!doNotTrack) {
<p>I&rsquo;ve also observed that so far my 2019 16&quot; Macbook Pro hasn&rsquo;t sounded like a jet engine, although I haven&rsquo;t performed any disk-intensive operations yet.</p>
<h3 id="installing-podman">Installing Podman</h3>
<p>Running Podman on macOS is more involved than on Linux, because the podman-machine must run Linux inside of a virtual machine. Fortunately, the installation is made simple with <a href="https://formulae.brew.sh/formula/podman">brew</a> (read <a href="https://podman.io/getting-started/installation#linux-distributions">this</a> if you&rsquo;re installing Podman on Linux):</p>
<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-sh" data-lang="sh">brew install podman
</code></pre></div><p>The podman-machine must be started:</p>
<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-sh" data-lang="sh"><span style="color:#09f;font-style:italic"># This is not necessary on Linux</span>
podman machine init
podman machine start
</code></pre></div><h3 id="running-a-container">Running a container</h3>
<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-sh" data-lang="sh"><span style="display:flex;"><span>brew install podman
</span></span></code></pre></div><p>The podman-machine must be started:</p>
<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-sh" data-lang="sh"><span style="display:flex;"><span><span style="color:#09f;font-style:italic"># This is not necessary on Linux</span>
</span></span><span style="display:flex;"><span>podman machine init
</span></span><span style="display:flex;"><span>podman machine start
</span></span></code></pre></div><h3 id="running-a-container">Running a container</h3>
<p>Let&rsquo;s try to pull an image:</p>
<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-console" data-lang="console"><span style="color:#009;font-weight:bold">$ </span>podman pull alpine
<span style="color:#aaa">Trying to pull docker.io/library/alpine:latest...
</span><span style="color:#aaa">Getting image source signatures
</span><span style="color:#aaa">Copying blob sha256:a0d0a0d46f8b52473982a3c466318f479767577551a53ffc9074c9fa7035982e
</span><span style="color:#aaa">Copying config sha256:14119a10abf4669e8cdbdff324a9f9605d99697215a0d21c360fe8dfa8471bab
</span><span style="color:#aaa">Writing manifest to image destination
</span><span style="color:#aaa">Storing signatures
</span><span style="color:#aaa">14119a10abf4669e8cdbdff324a9f9605d99697215a0d21c360fe8dfa8471bab
</span></code></pre></div><blockquote>
<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-console" data-lang="console"><span style="display:flex;"><span><span style="color:#009;font-weight:bold">$</span> podman pull alpine
</span></span><span style="display:flex;"><span><span style="color:#aaa">Trying to pull docker.io/library/alpine:latest...
</span></span></span><span style="display:flex;"><span><span style="color:#aaa">Getting image source signatures
</span></span></span><span style="display:flex;"><span><span style="color:#aaa">Copying blob sha256:a0d0a0d46f8b52473982a3c466318f479767577551a53ffc9074c9fa7035982e
</span></span></span><span style="display:flex;"><span><span style="color:#aaa">Copying config sha256:14119a10abf4669e8cdbdff324a9f9605d99697215a0d21c360fe8dfa8471bab
</span></span></span><span style="display:flex;"><span><span style="color:#aaa">Writing manifest to image destination
</span></span></span><span style="display:flex;"><span><span style="color:#aaa">Storing signatures
</span></span></span><span style="display:flex;"><span><span style="color:#aaa">14119a10abf4669e8cdbdff324a9f9605d99697215a0d21c360fe8dfa8471bab
</span></span></span></code></pre></div><blockquote>
<p>If you&rsquo;re having an issue pulling images, you may need to remove <code>~/.docker/config.json</code> or remove the set of auths in the configuration as mentioned <a href="https://stackoverflow.com/a/69121873/1191286">here</a>.</p>
</blockquote>
<p>and then run and exec into the container:</p>
<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-console" data-lang="console"><span style="color:#009;font-weight:bold">$ </span>podman run --rm -ti alpine
<span style="color:#aaa">Error: error preparing container 99ace1ef8a78118e178372d91fd182e8166c399fbebe0f676af59fbf32ce205b for attach: error configuring network namespace for container 99ace1ef8a78118e178372d91fd182e8166c399fbebe0f676af59fbf32ce205b: error adding pod unruffled_bohr_unruffled_bohr to CNI network &#34;podman&#34;: unexpected end of JSON input
</span></code></pre></div><p>What does this error mean? A bit of searching lead to <a href="https://github.com/containers/podman/issues/11837">this github issue</a>.</p>
<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-console" data-lang="console"><span style="display:flex;"><span><span style="color:#009;font-weight:bold">$</span> podman run --rm -ti alpine
</span></span><span style="display:flex;"><span><span style="color:#aaa">Error: error preparing container 99ace1ef8a78118e178372d91fd182e8166c399fbebe0f676af59fbf32ce205b for attach: error configuring network namespace for container 99ace1ef8a78118e178372d91fd182e8166c399fbebe0f676af59fbf32ce205b: error adding pod unruffled_bohr_unruffled_bohr to CNI network &#34;podman&#34;: unexpected end of JSON input
</span></span></span></code></pre></div><p>What does this error mean? A bit of searching lead to <a href="https://github.com/containers/podman/issues/11837">this github issue</a>.</p>
<p>Until the fix is released, a workaround is to just specify a port (even when it&rsquo;s not needed):</p>
<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-sh" data-lang="sh">podman run -p <span style="color:#f60">4242</span> --rm -ti alpine
</code></pre></div><p>If you&rsquo;re reading this from the future, there is a good chance specifying a port won&rsquo;t be needed.</p>
<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-sh" data-lang="sh"><span style="display:flex;"><span>podman run -p <span style="color:#f60">4242</span> --rm -ti alpine
</span></span></code></pre></div><p>If you&rsquo;re reading this from the future, there is a good chance specifying a port won&rsquo;t be needed.</p>
<p>Another example of running a container with Podman can be found in the <a href="https://jellyfin.org/docs/general/administration/installing.html#podman">Jellyfin Documentation</a>.</p>
<h3 id="aliasing-docker-with-podman">Aliasing docker with podman</h3>
<p>Force of habit (or other scripts) may have you calling <code>docker</code>. To work around this:</p>
<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-sh" data-lang="sh"><span style="color:#366">alias</span> <span style="color:#033">docker</span><span style="color:#555">=</span>podman
</code></pre></div><h3 id="podman-compose">podman-compose</h3>
<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-sh" data-lang="sh"><span style="display:flex;"><span><span style="color:#366">alias</span> <span style="color:#033">docker</span><span style="color:#555">=</span>podman
</span></span></code></pre></div><h3 id="podman-compose">podman-compose</h3>
<p>You may be wondering: what about docker-compose? Well, there <em>claims</em> to be a drop-in replacement for it: <a href="https://github.com/containers/podman-compose">podman-compose</a>.</p>
<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-sh" data-lang="sh">pip3 install --user podman-compose
</code></pre></div><p>Now let&rsquo;s create a <code>docker-compose.yml</code> file to test:</p>
<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-sh" data-lang="sh">cat <span style="color:#c30">&lt;&lt; EOF &gt;&gt; docker-compose.yml
</span><span style="color:#c30">version: &#39;2&#39;
</span><span style="color:#c30">services:
</span><span style="color:#c30"> hello_world:
</span><span style="color:#c30"> image: ubuntu
</span><span style="color:#c30"> command: [/bin/echo, &#39;Hello world&#39;]
</span><span style="color:#c30">EOF</span>
</code></pre></div><p>Now run:</p>
<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-console" data-lang="console"><span style="color:#009;font-weight:bold">$ </span>podman-compose up
<span style="color:#aaa">podman pod create --name=davegallant.github.io --share net
</span><span style="color:#aaa">40d61dc6e95216c07d2b21cea6dcb30205bfcaf1260501fe652f05bddf7e595e
</span><span style="color:#aaa">0
</span><span style="color:#aaa">podman create --name=davegallant.github.io_hello_world_1 --pod=davegallant.github.io -l io.podman.compose.config-hash=123 -l io.podman.compose.project=davegallant.github.io -l io.podman.compose.version=0.0.1 -l com.docker.compose.container-number=1 -l com.docker.compose.service=hello_world --add-host hello_world:127.0.0.1 --add-host davegallant.github.io_hello_world_1:127.0.0.1 ubuntu /bin/echo Hello world
</span><span style="color:#aaa">Resolved &#34;ubuntu&#34; as an alias (/etc/containers/registries.conf.d/000-shortnames.conf)
</span><span style="color:#aaa">Trying to pull docker.io/library/ubuntu:latest...
</span><span style="color:#aaa">Getting image source signatures
</span><span style="color:#aaa">Copying blob sha256:f3ef4ff62e0da0ef761ec1c8a578f3035bef51043e53ae1b13a20b3e03726d17
</span><span style="color:#aaa">Copying blob sha256:f3ef4ff62e0da0ef761ec1c8a578f3035bef51043e53ae1b13a20b3e03726d17
</span><span style="color:#aaa">Copying config sha256:597ce1600cf4ac5f449b66e75e840657bb53864434d6bd82f00b172544c32ee2
</span><span style="color:#aaa">Writing manifest to image destination
</span><span style="color:#aaa">Storing signatures
</span><span style="color:#aaa">1a68b2fed3fdf2037b7aef16d770f22929eec1d799219ce30541df7876918576
</span><span style="color:#aaa">0
</span><span style="color:#aaa">podman start -a davegallant.github.io_hello_world_1
</span><span style="color:#aaa">Hello world
</span></code></pre></div><p>This should more or less provide the same results you would come to expect with docker. The README does clearly state that podman-compose is under development.</p>
<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-sh" data-lang="sh"><span style="display:flex;"><span>pip3 install --user podman-compose
</span></span></code></pre></div><p>Now let&rsquo;s create a <code>docker-compose.yml</code> file to test:</p>
<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-sh" data-lang="sh"><span style="display:flex;"><span>cat <span style="color:#c30">&lt;&lt; EOF &gt;&gt; docker-compose.yml
</span></span></span><span style="display:flex;"><span><span style="color:#c30">version: &#39;2&#39;
</span></span></span><span style="display:flex;"><span><span style="color:#c30">services:
</span></span></span><span style="display:flex;"><span><span style="color:#c30"> hello_world:
</span></span></span><span style="display:flex;"><span><span style="color:#c30"> image: ubuntu
</span></span></span><span style="display:flex;"><span><span style="color:#c30"> command: [/bin/echo, &#39;Hello world&#39;]
</span></span></span><span style="display:flex;"><span><span style="color:#c30">EOF</span>
</span></span></code></pre></div><p>Now run:</p>
<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-console" data-lang="console"><span style="display:flex;"><span><span style="color:#009;font-weight:bold">$</span> podman-compose up
</span></span><span style="display:flex;"><span><span style="color:#aaa">podman pod create --name=davegallant.github.io --share net
</span></span></span><span style="display:flex;"><span><span style="color:#aaa">40d61dc6e95216c07d2b21cea6dcb30205bfcaf1260501fe652f05bddf7e595e
</span></span></span><span style="display:flex;"><span><span style="color:#aaa">0
</span></span></span><span style="display:flex;"><span><span style="color:#aaa">podman create --name=davegallant.github.io_hello_world_1 --pod=davegallant.github.io -l io.podman.compose.config-hash=123 -l io.podman.compose.project=davegallant.github.io -l io.podman.compose.version=0.0.1 -l com.docker.compose.container-number=1 -l com.docker.compose.service=hello_world --add-host hello_world:127.0.0.1 --add-host davegallant.github.io_hello_world_1:127.0.0.1 ubuntu /bin/echo Hello world
</span></span></span><span style="display:flex;"><span><span style="color:#aaa">Resolved &#34;ubuntu&#34; as an alias (/etc/containers/registries.conf.d/000-shortnames.conf)
</span></span></span><span style="display:flex;"><span><span style="color:#aaa">Trying to pull docker.io/library/ubuntu:latest...
</span></span></span><span style="display:flex;"><span><span style="color:#aaa">Getting image source signatures
</span></span></span><span style="display:flex;"><span><span style="color:#aaa">Copying blob sha256:f3ef4ff62e0da0ef761ec1c8a578f3035bef51043e53ae1b13a20b3e03726d17
</span></span></span><span style="display:flex;"><span><span style="color:#aaa">Copying blob sha256:f3ef4ff62e0da0ef761ec1c8a578f3035bef51043e53ae1b13a20b3e03726d17
</span></span></span><span style="display:flex;"><span><span style="color:#aaa">Copying config sha256:597ce1600cf4ac5f449b66e75e840657bb53864434d6bd82f00b172544c32ee2
</span></span></span><span style="display:flex;"><span><span style="color:#aaa">Writing manifest to image destination
</span></span></span><span style="display:flex;"><span><span style="color:#aaa">Storing signatures
</span></span></span><span style="display:flex;"><span><span style="color:#aaa">1a68b2fed3fdf2037b7aef16d770f22929eec1d799219ce30541df7876918576
</span></span></span><span style="display:flex;"><span><span style="color:#aaa">0
</span></span></span><span style="display:flex;"><span><span style="color:#aaa">podman start -a davegallant.github.io_hello_world_1
</span></span></span><span style="display:flex;"><span><span style="color:#aaa">Hello world
</span></span></span></code></pre></div><p>This should more or less provide the same results you would come to expect with docker. The README does clearly state that podman-compose is under development.</p>
<h3 id="summary">Summary</h3>
<p>Installing Podman on macOS was not seamless, but it was manageable well within 30 minutes. I would recommend giving Podman a try to anyone who is unhappy with experiencing forced docker updates, or who is interested in using a more modern technology for running containers.</p>
<p>One caveat to mention is that there isn&rsquo;t an official graphical user interface for Podman, but there is an <a href="https://github.com/containers/podman/issues/11494">open issue</a> considering one. If you rely heavily on Docker Desktop&rsquo;s UI, you may not be as interested in using podman yet.</p>
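Review bot: The heredoc in the docker-compose.yml step uses `>>`, so running the step a second time appends a second copy of the document to the file instead of replacing it; `cat << EOF > docker-compose.yml` makes the step repeatable. The service also uses `image: ubuntu` with no tag, which the captured output shows resolving to docker.io/library/ubuntu:latest, so pinning a tag or digest would keep the test reproducible. Both sides of this hunk carry the same commands and output; only the generated per-line span wrapper differs.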

View File

@@ -11,7 +11,7 @@
<meta property='og:site_name' content='davegallant'>
<meta property='og:type' content='article'><meta property='article:section' content='post'><meta property='article:tag' content='k3s'><meta property='article:tag' content='proxmox'><meta property='article:tag' content='lxc'><meta property='article:published_time' content='2021-11-14T10:07:03-05:00'/><meta property='article:modified_time' content='2021-11-14T10:07:03-05:00'/><meta name='twitter:card' content='summary'>
<meta name="generator" content="Hugo 0.92.2" />
<meta name="generator" content="Hugo 0.99.1" />
<title>Running K3s in LXC on Proxmox • davegallant</title>
<link rel='canonical' href='/blog/2021/11/14/running-k3s-in-lxc-on-proxmox/'>
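Review bot: The generator meta tag moves from Hugo 0.92.2 to Hugo 0.99.1 here, and the same bump repeats in the other file hunks on this page, while the only content change visible in this part of the diff is the one-sentence wording edit in the Synology post. Committing the Hugo upgrade and the regenerated output separately from content edits would keep the wording change reviewable on its own.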
@@ -318,11 +318,11 @@ swapoff -a
</code></pre><p>It might be worth experimenting with swap enabled in the future to see how that might affect performance.</p>
<h3 id="enable-ip-forwarding">Enable IP Forwarding</h3>
<p>To avoid IP Forwarding issues with Traefik, run the following on the host:</p>
<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-sh" data-lang="sh">sudo sysctl net.ipv4.ip_forward<span style="color:#555">=</span><span style="color:#f60">1</span>
sudo sysctl net.ipv6.conf.all.forwarding<span style="color:#555">=</span><span style="color:#f60">1</span>
sudo sed -i <span style="color:#c30">&#39;s/#net.ipv4.ip_forward=1/net.ipv4.ip_forward=1/g&#39;</span> /etc/sysctl.conf
sudo sed -i <span style="color:#c30">&#39;s/#net.ipv6.conf.all.forwarding=1/net.ipv6.conf.all.forwarding=1/g&#39;</span> /etc/sysctl.conf
</code></pre></div><h2 id="create-lxc-container">Create LXC container</h2>
<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-sh" data-lang="sh"><span style="display:flex;"><span>sudo sysctl net.ipv4.ip_forward<span style="color:#555">=</span><span style="color:#f60">1</span>
</span></span><span style="display:flex;"><span>sudo sysctl net.ipv6.conf.all.forwarding<span style="color:#555">=</span><span style="color:#f60">1</span>
</span></span><span style="display:flex;"><span>sudo sed -i <span style="color:#c30">&#39;s/#net.ipv4.ip_forward=1/net.ipv4.ip_forward=1/g&#39;</span> /etc/sysctl.conf
</span></span><span style="display:flex;"><span>sudo sed -i <span style="color:#c30">&#39;s/#net.ipv6.conf.all.forwarding=1/net.ipv6.conf.all.forwarding=1/g&#39;</span> /etc/sysctl.conf
</span></span></code></pre></div><h2 id="create-lxc-container">Create LXC container</h2>
<p>Create an LXC container in the Proxmox interface as you normally would. Remember to:</p>
<ul>
<li>Uncheck <code>unprivileged container</code></li>
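Review bot: The two `sed -i` lines only persist the setting if /etc/sysctl.conf contains exactly `#net.ipv4.ip_forward=1` and `#net.ipv6.conf.all.forwarding=1`; where those commented lines are missing or written differently, sed changes nothing and still exits successfully, so forwarding is lost at the next reboot. Follow the commands with a check such as `grep forward /etc/sysctl.conf`, or write the two keys to a file under /etc/sysctl.d/ instead. The section could also state that this turns on forwarding for every interface on the Proxmox host, not only the one the container uses.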
@@ -333,11 +333,11 @@ sudo sed -i <span style="color:#c30">&#39;s/#net.ipv6.conf.all.forwarding=1/net.
<h3 id="modify-container-config">Modify container config</h3>
<p>Now back on the host run <code>pct list</code> to determine what VMID it was given.</p>
<p>Open <code>/etc/pve/lxc/$VMID.conf</code> and append:</p>
<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-sh" data-lang="sh">lxc.apparmor.profile: unconfined
lxc.cap.drop:
lxc.mount.auto: <span style="color:#c30">&#34;proc:rw sys:rw&#34;</span>
lxc.cgroup2.devices.allow: c 10:200 rwm
</code></pre></div><p>All of the above configurations are described in the <a href="https://linuxcontainers.org/lxc/manpages/man5/lxc.container.conf.5.html">manpages</a>.
<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-sh" data-lang="sh"><span style="display:flex;"><span>lxc.apparmor.profile: unconfined
</span></span><span style="display:flex;"><span>lxc.cap.drop:
</span></span><span style="display:flex;"><span>lxc.mount.auto: <span style="color:#c30">&#34;proc:rw sys:rw&#34;</span>
</span></span><span style="display:flex;"><span>lxc.cgroup2.devices.allow: c 10:200 rwm
</span></span></code></pre></div><p>All of the above configurations are described in the <a href="https://linuxcontainers.org/lxc/manpages/man5/lxc.container.conf.5.html">manpages</a>.
Notice that <code>cgroup2</code> is used since Proxmox VE 7.0 has switched to a <a href="https://pve.proxmox.com/pve-docs/chapter-pct.html#pct_cgroup">pure cgroupv2 environment</a>.</p>
<p>Thankfully cgroup v2 support has been supported in k3s with these contributions:</p>
<ul>
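Review bot: Missing documentation on the appended config block: the text only links to the manpages, but `lxc.apparmor.profile: unconfined`, an empty `lxc.cap.drop:` (which clears the list of dropped capabilities) and `proc:rw sys:rw`, on top of the privileged container selected in the previous step, leave very little isolation between the container and the Proxmox host. A sentence saying so, and what each line is needed for (for example that `c 10:200` is the /dev/net/tun device), would let readers decide whether to apply this on a host that carries other workloads. The block is also tagged `language-sh` although it is LXC config, not shell.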
@@ -346,44 +346,44 @@ Notice that <code>cgroup2</code> is used since Proxmox VE 7.0 has switched to a
</ul>
<h2 id="enable-shared-host-mounts">Enable shared host mounts</h2>
<p>From within the container, run:</p>
<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-sh" data-lang="sh"><span style="color:#366">echo</span> <span style="color:#c30">&#39;#!/bin/sh -e
</span><span style="color:#c30">ln -s /dev/console /dev/kmsg
</span><span style="color:#c30">mount --make-rshared /&#39;</span> &gt; /etc/rc.local
chmod +x /etc/rc.local
reboot
</code></pre></div><h2 id="install-k3s">Install K3s</h2>
<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-sh" data-lang="sh"><span style="display:flex;"><span><span style="color:#366">echo</span> <span style="color:#c30">&#39;#!/bin/sh -e
</span></span></span><span style="display:flex;"><span><span style="color:#c30">ln -s /dev/console /dev/kmsg
</span></span></span><span style="display:flex;"><span><span style="color:#c30">mount --make-rshared /&#39;</span> &gt; /etc/rc.local
</span></span><span style="display:flex;"><span>chmod +x /etc/rc.local
</span></span><span style="display:flex;"><span>reboot
</span></span></code></pre></div><h2 id="install-k3s">Install K3s</h2>
<p>One of the simplest ways to install K3s on a remote host is to use <a href="https://github.com/alexellis/k3sup">k3sup</a>.
Ensure that you supply a valid <code>CONTAINER_IP</code> and choose the <code>k3s-version</code> you prefer.
As of 2021/11, it is still defaulting to the 1.19 channel, so I overrode it to 1.22 for cgroup v2 support. See the published releases <a href="https://github.com/k3s-io/k3s/releases">here</a>.</p>
<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-sh" data-lang="sh">ssh-copy-id root@<span style="color:#033">$CONTAINER_IP</span>
k3sup install --ip <span style="color:#033">$CONTAINER_IP</span> --user root --k3s-version v1.22.3+k3s1
</code></pre></div><p>If all goes well, you should see a path to the <code>kubeconfig</code> generated. I moved this into <code>~/.kube/config</code> so that kubectl would read this by default.</p>
<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-sh" data-lang="sh"><span style="display:flex;"><span>ssh-copy-id root@<span style="color:#033">$CONTAINER_IP</span>
</span></span><span style="display:flex;"><span>k3sup install --ip <span style="color:#033">$CONTAINER_IP</span> --user root --k3s-version v1.22.3+k3s1
</span></span></code></pre></div><p>If all goes well, you should see a path to the <code>kubeconfig</code> generated. I moved this into <code>~/.kube/config</code> so that kubectl would read this by default.</p>
<h2 id="wrapping-up">Wrapping up</h2>
<p>Installing K3s in LXC on Proxmox works with a few tweaks to the default configuration. I later followed the Tekton&rsquo;s <a href="https://tekton.dev/docs/getting-started/">Getting Started</a> guide and was able to deploy it in a few commands.</p>
<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-console" data-lang="console"><span style="color:#009;font-weight:bold">$ </span>kubectl get all --namespace tekton-pipelines
<span style="color:#aaa">NAME READY STATUS RESTARTS AGE
</span><span style="color:#aaa">pod/tekton-pipelines-webhook-8566ff9b6b-6rnh8 1/1 Running 1 (50m ago) 12h
</span><span style="color:#aaa">pod/tekton-dashboard-6bf858f977-qt4hr 1/1 Running 1 (50m ago) 11h
</span><span style="color:#aaa">pod/tekton-pipelines-controller-69fd7498d8-f57m4 1/1 Running 1 (50m ago) 12h
</span><span style="color:#aaa"></span><span style="color:#a00;background-color:#faa">
</span><span style="color:#a00;background-color:#faa"></span><span style="color:#aaa">NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
</span><span style="color:#aaa">service/tekton-pipelines-controller ClusterIP 10.43.44.245 &lt;none&gt; 9090/TCP,8080/TCP 12h
</span><span style="color:#aaa">service/tekton-pipelines-webhook ClusterIP 10.43.183.242 &lt;none&gt; 9090/TCP,8008/TCP,443/TCP,8080/TCP 12h
</span><span style="color:#aaa">service/tekton-dashboard ClusterIP 10.43.87.97 &lt;none&gt; 9097/TCP 11h
</span><span style="color:#aaa"></span><span style="color:#a00;background-color:#faa">
</span><span style="color:#a00;background-color:#faa"></span><span style="color:#aaa">NAME READY UP-TO-DATE AVAILABLE AGE
</span><span style="color:#aaa">deployment.apps/tekton-pipelines-webhook 1/1 1 1 12h
</span><span style="color:#aaa">deployment.apps/tekton-dashboard 1/1 1 1 11h
</span><span style="color:#aaa">deployment.apps/tekton-pipelines-controller 1/1 1 1 12h
</span><span style="color:#aaa"></span><span style="color:#a00;background-color:#faa">
</span><span style="color:#a00;background-color:#faa"></span><span style="color:#aaa">NAME DESIRED CURRENT READY AGE
</span><span style="color:#aaa">replicaset.apps/tekton-pipelines-webhook-8566ff9b6b 1 1 1 12h
</span><span style="color:#aaa">replicaset.apps/tekton-dashboard-6bf858f977 1 1 1 11h
</span><span style="color:#aaa">replicaset.apps/tekton-pipelines-controller-69fd7498d8 1 1 1 12h
</span><span style="color:#aaa"></span><span style="color:#a00;background-color:#faa">
</span><span style="color:#a00;background-color:#faa"></span><span style="color:#aaa">NAME REFERENCE TARGETS MINPODS MAXPODS REPLICAS AGE
</span><span style="color:#aaa">horizontalpodautoscaler.autoscaling/tekton-pipelines-webhook Deployment/tekton-pipelines-webhook 9%/100% 1 5 1 12h
</span></code></pre></div><p>I made sure to install Tailscale in the container so that I can easily access K3s from anywhere.</p>
<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-console" data-lang="console"><span style="display:flex;"><span><span style="color:#009;font-weight:bold">$</span> kubectl get all --namespace tekton-pipelines
</span></span><span style="display:flex;"><span><span style="color:#aaa">NAME READY STATUS RESTARTS AGE
</span></span></span><span style="display:flex;"><span><span style="color:#aaa">pod/tekton-pipelines-webhook-8566ff9b6b-6rnh8 1/1 Running 1 (50m ago) 12h
</span></span></span><span style="display:flex;"><span><span style="color:#aaa">pod/tekton-dashboard-6bf858f977-qt4hr 1/1 Running 1 (50m ago) 11h
</span></span></span><span style="display:flex;"><span><span style="color:#aaa">pod/tekton-pipelines-controller-69fd7498d8-f57m4 1/1 Running 1 (50m ago) 12h
</span></span></span><span style="display:flex;"><span><span style="color:#aaa"></span><span style="color:#a00;background-color:#faa">
</span></span></span><span style="display:flex;"><span><span style="color:#a00;background-color:#faa"></span><span style="color:#aaa">NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
</span></span></span><span style="display:flex;"><span><span style="color:#aaa">service/tekton-pipelines-controller ClusterIP 10.43.44.245 &lt;none&gt; 9090/TCP,8080/TCP 12h
</span></span></span><span style="display:flex;"><span><span style="color:#aaa">service/tekton-pipelines-webhook ClusterIP 10.43.183.242 &lt;none&gt; 9090/TCP,8008/TCP,443/TCP,8080/TCP 12h
</span></span></span><span style="display:flex;"><span><span style="color:#aaa">service/tekton-dashboard ClusterIP 10.43.87.97 &lt;none&gt; 9097/TCP 11h
</span></span></span><span style="display:flex;"><span><span style="color:#aaa"></span><span style="color:#a00;background-color:#faa">
</span></span></span><span style="display:flex;"><span><span style="color:#a00;background-color:#faa"></span><span style="color:#aaa">NAME READY UP-TO-DATE AVAILABLE AGE
</span></span></span><span style="display:flex;"><span><span style="color:#aaa">deployment.apps/tekton-pipelines-webhook 1/1 1 1 12h
</span></span></span><span style="display:flex;"><span><span style="color:#aaa">deployment.apps/tekton-dashboard 1/1 1 1 11h
</span></span></span><span style="display:flex;"><span><span style="color:#aaa">deployment.apps/tekton-pipelines-controller 1/1 1 1 12h
</span></span></span><span style="display:flex;"><span><span style="color:#aaa"></span><span style="color:#a00;background-color:#faa">
</span></span></span><span style="display:flex;"><span><span style="color:#a00;background-color:#faa"></span><span style="color:#aaa">NAME DESIRED CURRENT READY AGE
</span></span></span><span style="display:flex;"><span><span style="color:#aaa">replicaset.apps/tekton-pipelines-webhook-8566ff9b6b 1 1 1 12h
</span></span></span><span style="display:flex;"><span><span style="color:#aaa">replicaset.apps/tekton-dashboard-6bf858f977 1 1 1 11h
</span></span></span><span style="display:flex;"><span><span style="color:#aaa">replicaset.apps/tekton-pipelines-controller-69fd7498d8 1 1 1 12h
</span></span></span><span style="display:flex;"><span><span style="color:#aaa"></span><span style="color:#a00;background-color:#faa">
</span></span></span><span style="display:flex;"><span><span style="color:#a00;background-color:#faa"></span><span style="color:#aaa">NAME REFERENCE TARGETS MINPODS MAXPODS REPLICAS AGE
</span></span></span><span style="display:flex;"><span><span style="color:#aaa">horizontalpodautoscaler.autoscaling/tekton-pipelines-webhook Deployment/tekton-pipelines-webhook 9%/100% 1 5 1 12h
</span></span></span></code></pre></div><p>I made sure to install Tailscale in the container so that I can easily access K3s from anywhere.</p>
<p>If I&rsquo;m feeling adventurous, I might experiment with <a href="https://rancher.com/docs/k3s/latest/en/advanced/#running-k3s-with-rootless-mode-experimental">K3s rootless</a>.</p>
</div>
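Review bot: In the generated /etc/rc.local, `#!/bin/sh -e` combined with a plain `ln -s /dev/console /dev/kmsg` means that if /dev/kmsg already exists the link fails, the script exits, and `mount --make-rshared /` never runs. Guard the link with a test for /dev/kmsg, or run the mount first. The `echo ... > /etc/rc.local` also overwrites any existing rc.local without warning, and the kubeconfig paragraph should mention that moving the generated file into ~/.kube/config replaces any config already there.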

View File

@@ -11,7 +11,7 @@
<meta property='og:site_name' content='davegallant'>
<meta property='og:type' content='article'><meta property='article:section' content='post'><meta property='article:tag' content='degoogle'><meta property='article:tag' content='synology'><meta property='article:tag' content='gmail'><meta property='article:tag' content='backup'><meta property='article:tag' content='ransomware'><meta property='article:published_time' content='2022-03-13T18:49:10-04:00'/><meta property='article:modified_time' content='2022-03-13T18:49:10-04:00'/><meta name='twitter:card' content='summary'>
<meta name="generator" content="Hugo 0.92.2" />
<meta name="generator" content="Hugo 0.99.1" />
<title>Backing Up Gmail With Synology • davegallant</title>
<link rel='canonical' href='/blog/2022/03/13/backing-up-gmail-with-synology/'>
@@ -325,7 +325,7 @@ if (!doNotTrack) {
<p>Since Synology devices are not hermetically sealed, it&rsquo;s best to secure them by <a href="https://kb.synology.com/en-us/DSM/tutorial/How_to_add_extra_security_to_your_Synology_NAS#x_anchor_id8">enabling MFA</a> to help prevent being the <a href="https://www.bleepingcomputer.com/news/security/qlocker-ransomware-returns-to-target-qnap-nas-devices-worldwide/">victim of ransomware</a>. It is also wise to backup your system settings and volumes to the cloud using a tool such as <a href="https://www.synology.com/en-ca/dsm/feature/hyper_backup">Hyper Backup</a>.
Encrypting your shared volumes should also be done, since unfortunately <a href="https://community.synology.com/enu/forum/12/post/144665">DSM does not support full disk encryption</a>.</p>
<h2 id="summary">Summary</h2>
<p>Having backups of various forms of cloud data is a good investment, especially in these <a href="https://en.wikipedia.org/wiki/2022_Ukraine_cyberattacks">uncertain times</a>. I certainly feel more at ease for having backed up my emails.</p>
<p>Having backups of various forms of cloud data is a good investment, especially in <a href="https://en.wikipedia.org/wiki/2022_Ukraine_cyberattacks">times of war</a>. I certainly feel more at ease for having backed up my emails.</p>
</div>
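Review bot: In the context paragraph of this hunk, the "victim of ransomware" link points to an article about QNAP NAS devices while the sentence is about securing a Synology; either say that it is an example from another vendor or link a Synology case. In the same paragraph, "backup your system settings" should use the verb form "back up".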

View File

@@ -11,7 +11,7 @@
<meta property='og:site_name' content='davegallant'>
<meta property='og:type' content='article'><meta property='article:section' content='post'><meta property='article:tag' content='pfsense'><meta property='article:tag' content='router'><meta property='article:tag' content='openwrt'><meta property='article:tag' content='router-on-a-stick'><meta property='article:tag' content='proxmox'><meta property='article:tag' content='vlan'><meta property='article:published_time' content='2022-04-02T18:50:09-04:00'/><meta property='article:modified_time' content='2022-04-02T18:50:09-04:00'/><meta name='twitter:card' content='summary'>
<meta name="generator" content="Hugo 0.92.2" />
<meta name="generator" content="Hugo 0.99.1" />
<title>Virtualizing My Router With pfSense • davegallant</title>
<link rel='canonical' href='/blog/2022/04/02/virtualizing-my-router-with-pfsense/'>