Blog


Comment - Just a Test

… just some Tests with a Selfhosted Comment System …



Anycast - Checker

When is an anycast ip an anycast ip ?

that’s a question i was asked recently. As LTNN (Long Term Networking Nerd), i’m aware of Unicast, Multicast, Broadcast and also Anycast. so, let’s have a look into this.

hint: this article is not about how to set up your own anycast network. this may follow soon ?!?

Terminology

Unicast 1:1

Sending a message from one sender to one recipient

Multicast 1:many

Sending a message from one sender to multiple recipients

OpenBSD 7.3

OpenBSD 7.3 finally released.

Today, the 54th Release of OpenBSD was announced. The Upgrade Script is available here …

one cool thing to mention:

  • Added initial support in the installer for guided disk encryption for amd64, i386, riscv64 and sparc64.

Script

as root

cd /root
ftp https://blog.stoege.net/scripts/.helpers
ftp https://blog.stoege.net/scripts/upgrade_to_73.sh
chmod u+x upgrade_to_73.sh

Execute

./upgrade_to_73.sh


OpenBSD 7.3 - Diskusage

New Proposal for 7.3

there is a request for at least 1.1GB of free storage on the /usr partition when upgrading your system with sysupgrade. so, i have to adapt my settings a bit for new vm’s with at least 25GB storage.

Example with 20GB

a 4G  /
a 1G  swap
a 1G  /tmp
a 4G  /var
a 6G  /usr
a *   /home (ca. 4 GB)

Example with 25GB (Vultr)

a 4G  /
a 2G  swap
a 2G  /tmp
a 6G  /var
a 6G  /usr
a *   /home (ca. 5 GB)

which results in:

root@puffy# df -h
Filesystem     Size    Used   Avail Capacity  Mounted on
/dev/sd0a      3.9G   55.8M    3.6G     2%    /
/dev/sd0g      4.8G    2.0K    4.6G     1%    /home
/dev/sd0d      1.9G   10.0K    1.8G     1%    /tmp
/dev/sd0f      5.8G    1.4G    4.1G    26%    /usr
/dev/sd0e      5.8G    7.7M    5.5G     1%    /var

Example with 32GB

a 4G  /
a 1G  swap
a 2G  /tmp
a 8G  /var
a 8G  /usr
a *   /home (ca. 9 GB)

which results in:

root@puffy# df -h
Filesystem     Size    Used   Avail Capacity  Mounted on
/dev/sd0a      3.9G    876M    2.8G    24%    /
/dev/sd0g      8.7G    119M    8.1G     2%    /home
/dev/sd0d      1.9G    108K    1.8G     1%    /tmp
/dev/sd0f      7.8G    2.6G    4.8G    35%    /usr
/dev/sd0e      7.8G   19.6M    7.3G     1%    /var

Example with 40GB (Hetzner)

a 4G  /
a 2G  swap
a 2G  /tmp
a 16G /var
a 8G  /usr
a 8G  /home (ca. 8 GB)

which results in:

root@puffy# df -h

Example with 80GB (Hetzner)

a 4G  /
a 4G  swap
a 4G  /tmp
a 16G /var
a 16G /usr
a 16G /home
a *   /data (ca. 16 GB)

which results in:

root@template74 # df -h
Filesystem     Size    Used   Avail Capacity  Mounted on
/dev/sd0a      3.9G    220M    3.5G     6%    /
/dev/sd0h     15.5G    2.0K   14.7G     1%    /data
/dev/sd0g     15.5G   14.0K   14.7G     1%    /home
/dev/sd0d      3.9G   14.0K    3.7G     1%    /tmp
/dev/sd0f     15.5G    2.0G   12.7G    14%    /usr
/dev/sd0e     15.5G   10.6M   14.7G     1%    /var


FreeBSD - Upgrade to 13.2

Upgrade FreeBSD 13.1 to 13.2

reading some news feeds, FreeBSD 13.2 got released … Let’s do an upgrade and see if it’s working fine.

Patch it first

freebsd-update fetch
freebsd-update install

reboot

may not be needed, but you have to boot a few times anyway …

Fetch and Upgrade to 13.2

this needs some time ! it depends on your internet speed, and especially on the cpu power and filesystem performance of your machine. 5-10min for a common VM is not unrealistic :(

OpenBSD - NTopNG

NTOPNG with Self Signed Cert

ntopng is a network traffic probe that provides 360° Network visibility, with its ability to gather traffic information from traffic mirrors, Netflow exporters, SNMP devices, Firewall logs, Intrusion Detection systems.

package

as root

pkg_add ntopng

Cert

To use HTTPS on the built-in web server, create /etc/ssl/ntopng-cert.pem containing both the private key and certificate in the same file and make this readable by the _ntopng user. Use the -W flag to listen on HTTPS.
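
The combined key-plus-certificate file described above can be built and sanity-checked like this. This is an added example, not part of the original post; it assumes openssl(1) is installed and that a _ntopng group exists, and the function names and the hostname in the usage comment are placeholders.

```sh
#!/bin/sh
# Added example (not from the original post). Assumptions: openssl(1) is in
# PATH, the _ntopng group exists, and the CN passed in is your own hostname.

# make_ntopng_pem <outfile> <common-name>
# Self-signed certificate and its private key, concatenated into ONE file.
make_ntopng_pem() {
    out=$1; cn=$2
    tmp=$(mktemp -d) || return 1
    (
        umask 077    # key material is never group/world readable on disk
        openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
            -subj "/CN=$cn" -keyout "$tmp/key.pem" -out "$tmp/cert.pem" \
            2>/dev/null &&
        cat "$tmp/key.pem" "$tmp/cert.pem" > "$out"
    )
    rc=$?
    rm -rf "$tmp"
    [ "$rc" -eq 0 ] || return 1
    # Readable by the daemon through its group, by nobody else.
    chown root:_ntopng "$out" 2>/dev/null || echo "chown skipped (not root?)" >&2
    chmod 640 "$out"
}

# check_ntopng_pem <file>: returns 0 if the file holds both PEM blocks and
# is not accessible to "other", 1 otherwise (reason goes to stderr).
check_ntopng_pem() {
    f=$1
    [ -f "$f" ] || { echo "missing: $f" >&2; return 1; }
    grep -q -e '-----BEGIN .*PRIVATE KEY-----' "$f" ||
        { echo "no private key in $f" >&2; return 1; }
    grep -q -e '-----BEGIN CERTIFICATE-----' "$f" ||
        { echo "no certificate in $f" >&2; return 1; }
    # Characters 8-10 of the ls mode string are the "other" permission bits.
    other=$(ls -ld "$f" | cut -c8-10)
    [ "$other" = "---" ] || { echo "world-accessible ($other): $f" >&2; return 1; }
    return 0
}

# Usage (as root; ntop.example.net is a placeholder hostname):
#   make_ntopng_pem /etc/ssl/ntopng-cert.pem ntop.example.net &&
#       check_ntopng_pem /etc/ssl/ntopng-cert.pem
```

The check is worth re-running after every certificate renewal, because the file carries the private key and a stray chmod 644 exposes it to every local user.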

Debian 12

Debian 12 is here !

you may find some of my Posts about Debian useful

Upgrade Script

assuming you have Debian 11.x running

cat << 'EOF' > /root/upgrade_to_v12.sh
#!/usr/bin/env bash

# set Version
sed -i 's/bullseye/bookworm/g' /etc/apt/sources.list
sed -i 's/bullseye/bookworm/g' /etc/apt/sources.list.d/*

# Update
apt-get -y update
apt-get -y upgrade
apt-get -y dist-upgrade
# Cleanup: apt-get (stable CLI for scripts) with -y so it does not stop at a prompt
apt-get -y autoclean
apt-get -y --purge autoremove

# you may add/update -> /etc/apt/sources.list
# deb http://security.debian.org/debian-security/ bookworm-security main
# deb-src http://security.debian.org/debian-security/ bookworm-security main

exit 0
EOF

chmod u+x /root/upgrade_to_v12.sh

Run

run the script and wait a few minutes …

OpenBSD - Terraform

Terraform OpenBSD & Vultr

doas pkg_add git gmake go terraform

cat << EOF

# Go, $(date)
export PATH=$PATH:$(go env GOPATH)/bin
export GOPATH=$(go env GOPATH)
EOF

mkdir -p $GOPATH/src/github.com/vultr; cd $GOPATH/src/github.com/vultr
git clone git@github.com:vultr/terraform-provider-vultr.git

cd $GOPATH/src/github.com/vultr/terraform-provider-vultr
gmake build

main.tf

cat << 'EOF' > main.tf
terraform {
  required_providers {
    vultr = {
      source = "vultr/vultr"
      version = "2.12.1"
    }
  }
}

resource "vultr_instance" "web" {
  count = 2
  plan  = "vc2-1c-1gb"
  region = "fra"
  hostname = "web-${count.index+1}"
  label = "web-${count.index+1}"
}
EOF

Init, Plan, Apply

export TF_VULTR_API_KEY=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

terraform init
terraform plan
terraform apply

main.tf

5 Servers in 5 Regions, each of them has got a unique name and the authorized_key file adjusted …

Docker - Swarm

Setup

Let’s assume we have 3 Nodes in a Docker Swarm Setup.

  • Tick
  • Trick
  • Track

Track is the Leader/Manager. All machines run Debian 12.0 (RC, as it is not yet released)

Show Nodes

docker node ls
root@track:~# docker node ls
ID                            HOSTNAME    STATUS    AVAILABILITY   MANAGER STATUS   ENGINE VERSION
b2zvkc374v08q2rpocljhkg5n     tick        Ready     Active                          23.0.2
khom3cx05bxqxktjq1k5j16gk *   track       Ready     Active         Leader           23.0.2
lq53s6mhuzvqrehks0j68sr3e     trick       Ready     Active                          23.0.2

Create Simple Service

Run a simple Docker service that uses an alpine-based filesystem, and isolates a ping to 8.8.8.8

OpenBSD - Rclone

WebDAV Server

need a little WebDAV Server ? Selfhosting your Password DB ?

pkg

pkg_add rclone
mkdir -p /rclone/webdav

run

rclone serve webdav /your/root/folder --addr YOUR_PUBLIC_IP:PORT \
  --key /etc/ssl/certs/your.private.key \
  --cert /etc/ssl/certs/your.public.cer \
  --user someuser \
  --pass somepass

Browser

browse to https://your_public_ip:port

  • user: someuser
  • pass: somepass

done !

htpasswd

got some Users and wanna put them in the htaccess file ? be careful as these users all share the same folder !

cd /rclone
touch htpasswd
htpasswd htpasswd tick
htpasswd htpasswd trick
htpasswd htpasswd track
chmod 600 htpasswd

Dashboard

do you like dashboards ? it’s also included, have a look …