Yes! It's cool enough to really enjoy a hot coffee again. 🙂

Arrrrrrrghhhhhh. I've just spent three hours debugging why my Ubuntu Server install VM is not coming up.

It crashed with "No working init found".

The problem? The initramfs could not be unpacked, because the Qemu default 512 MB were simply not large enough. 🤦‍♂️

CrowdSec introduction put on ice, because I've just ordered an Udoo X86 II Ultra which will serve as the x86 node in my Raspberry Pi cluster.

I've finished the basic planning and already decided that I will netboot the Udoo with a Ceph RBD root disk.

Now I just need to figure out how to best provision the Machine. Packer, which I'm already using for my Pi nodes, looks like it might be good for image creation here too.

Success! Snagged an UDOO x86 II Ultra: shop.udoo.org/en_eu/udoo-x86-i

It will serve as the single x86 node in my homelab once I've switched to the Turing Pi 2 with Pi CM4s, just in case I want to run something which is not available for aarch64.

Just one friggin Raspberry Pi 4 4GB. Just one. Is that really too much to ask? 😒

If you can read this toot, the regular "All the hosts, all the patches" ceremony was successful.

Michael boosted

Here's a vision I've been munching on for a few days:

Take the idea of #Uberspace and apply it to a #Kubernetes cluster.

Uberspace, unlike other hosting platforms, provides you with an account on a shared server with a reasonable amount of resources, all for a flat fee.

I imagine that this concept is a perfect use-case for Kubernetes. Each user gets access to their own namespace on a shared cluster where they can create resources at will, while staying in some resource boundaries.

Hm, thinking about it a bit more...there are a lot of things which are "files" on Linux. A named pipe for example.

Or just the fd0 of another process. So perhaps it could be as easy as redirecting the output of Loki's logcli to one of those and then consuming the result with CrowdSec?

Started reading up on CrowdSec. I like the idea of "Distributed threat intelligence". It also already has a plugin for my OPNsense firewall.

Only problem is getting logs into it from my Fluentd/Loki stack. I would like to avoid pushing all logs from everywhere to disk, just so that CrowdSec can read them.

Michael boosted

New people, welcome!

If you need help using Mastodon and the Fediverse, check out the Unofficial Guide:

growyourown.services/an-unoffi

It's got lots of advice for both complete beginners and experienced users. I've tried to write it as clearly and non-technically as possible.

Also, I'm gradually adding all the past posts from FediTips to the guide, and will add future posts too.

If you want to post these tips elsewhere in your own language, please feel free! The tips are meant to be spread as far as possible.

Message me if you have any questions/feedback :blob_cat:

p.s. For an alternative perspective, check out the excellent "Increasingly Less-Brief Guide to Mastodon" by @noelle at:

github.com/joyeusenoelle/Guide

Note to self: Get into the habit of actually reading and thinking about what you just wrote for at least 1.5s before hitting the "Toot!" button...🤦

While writing an article about creating Raspberry Pi images with HashiCorp Packer, I came across one of my favourite "Wait, it can do what?!" moments in working with Linux:

binfmt_misc. [1]

With that functionality, you can execute e.g. aarch64 binaries directly on your host, without having to spin up a VM, using Qemu's static user binaries and a bit of Kernel magic.

[1] docs.kernel.org/admin-guide/bi

Redraft: Hashtags

One thing I've been annoyed about for my blog is that the Theme I chose does not have notice boxes, like "Warning" or "Note".

What Themes are you using for (mostly) technical blogs, supporting such notice boxes?

I'm liking PaperMod, the theme I'm currently using, but its lack of notice boxes annoys me.

Redraft to add: I'm using Hugo for my blog.

Just returned from getting a hair cut down to 6mm. I'm happy to report: My receding hairline can still safely be called an orderly retreat, not a rout. 😅

Michael boosted

Right, added a load of tips to the Advanced section:

growyourown.services/how-to-us

These aren't actually that advanced, but I didn't want to overwhelm new people by filling the Basics section with stuff to learn.

Advanced is a mixture of slightly trickier stuff and easy stuff that most people wouldn't use every day.

Next up are some more tips in Advanced, then the Admin section, then some more non-Masto additions, then this account goes back to normal service.

If you know someone who is new to Mastodon and the Fediverse, please give them a link to the front page of the guide, it will hopefully answer their questions:

growyourown.services/an-unoffi

I've finally found time to watch the final two seasons of The Expanse.

And Marco Inaros has a very similar vibe to King Joffrey in Game of Thrones. He desperately needs his throat slit.

Michael boosted

May I have a USB-4 Version 2.0 Type-C cable? 🤷

From the public:

* USB (v1, plug type A)
* USB 2 (invisible "it's faster now" release, type A)
* USB 3 or "the blue one" (v3, usually A, but type B plugs exist)
* USB4, USB-C, or Thunderbolt, or "hey we removed a space before the number in our advertising" (C only)
* "USB4 Version 2.0 over Type-C", or "we forgot our naming scheme, added fractions, oh and did we say it's faster?"

daringfireball.net/linked/2022

en.wikipedia.org/wiki/USB-C

#USB

Ah alright, my Google Fu just left me there for a moment, here is the bug for this problem: github.com/envoyproxy/envoy/is

Does anybody have an arm64 host available with Docker installed? If so, could you execute the command "docker run envoyproxy/envoy:v1.23.0" on it? That image is supposed to have an arm64 variant, but for me it throws an exec format error.

Finally Done: My host TLS certificates now come out of Vault instead of using Ansible's SSL cert module.

One tip for all the Nomad users out there: If you're using TLS for Nomad's cluster traffic, make sure your certificates contain the SAN "DNS:server.global.nomad" for Nomad server hosts and "DNS:client.global.nomad" for Nomad client hosts.
It doesn't matter whether those DNS names actually resolve in your setup. Without them, Nomad throws TLS cert errors.

Meier's Mastodon