Setting up a mail relay server with Postfix, DKIM, and a little Nebula trickery.

  configuration email howto servers sysadmin libreops

Given the proliferation of spam on just about every vaguely workable platform these days it seems sheer insanity to attempt to run your own mail server.  If it's out there, it's ripe for abuse in one way or another.  And yet, e-mail is still probably one of the best ways to get status reports from your machines every day (my SMTP bridge notwithstanding).  It is thus that the default configuration for mail servers these days defaults to "no way in hell will I relay a message for you," which is a net good for the Internet as a whole …


Faking a telnet server with netcat.

  howto retrocomputing sysadmin telnet netcat libreops

Let's say that you need to be able to access a server somewhere on your network.  This is a pretty common thing to do if you've got a fair amount of infrastructure at home.  But let's say that your computer, for whatever reason, doesn't have the horsepower to run SSH because the crypto used requires math that older systems can't carry out in anything like reasonable time.  This is a not uncommon situation for retrocomputing enthusiasts.  In the days before SSH we used telnet for this, but pretty much the entire Net doesn't anymore because the traffic wasn't encrypted, so …


Neologism: Software installation roulette

  neologisms sysadmin software

software installation roulette - The practice of piping the output of a web browser or other HTTP tool directly through a system shell, usually as root to install something important.  The danger is that you don't know if the shell script has anything nefarious in it (such as rm -rf / or the installation of a rootkit) and by the time you find out it's far too late.

For example: sudo bash -c "$(wget -q -O- https://totally.legit.example.com/install.sh)"

Tunneling across networks with Nebula.

  exocortex libreops networks services sysadmin howto vpn

Longtime readers have no doubt observed that I plug a lot of weird shit into my exocortex - from bookmark managers to card catalogues to just about anything that has an API.  Sometimes this is fairly straightforward; if it's on the public Net I can get to it (processing that data is a separate issue, of course).  But what about the stuff I have around the lab?  I'm always messing with new toys that are network connected and occasionally useful.  The question is, how do I get it out of the lab and out to my exocortex?  Sometimes I write bots to …


Migrating to Restic for offsite backups.

  backblaze backups duplicity libreops linux sysadmin restic

20201023: UPDATE: Added command to clean the local backup cache.

20200426: UPDATE: Fixed the "pruned oldest snapshots" command.

A couple of years back I did a how-to about using a data backup utility called Duplicity to make offsite backups of Leandra to Backblaze B2. (referrer link) It worked just fine; it was stable, it was easy to script, you knew what it was doing.  But over time it started to show its warts, as everything does.  For starters, it was unusually slow when compared to the implementation of rsync Duplicity uses by itself.  I spent some time digging into it …


Neologism: Smoke and mirrors system administration

  neologisms work sysadmin

smoke and mirrors system administration - noun phrase - When you bring a problem to your support team and they go silent for hours to days at a time.  No amount of poking and prodding is sufficient to get anyone on the team to respond to your requests for status updates.  When they finally get back to you they say that nothing's wrong and you must have made a mistake.  Your thing is now unbroken.  They never tell you (or anyone, for that matter) what they fixed or how they fixed it.

Neologism: Basketball mode

  it neologisms sysadmin

basketball mode - noun phrase - When a service or application crashes and restarts itself over and over, i.e., bouncing like a basketball every few seconds.  Considered an outage.

Ansible: Reboot the server and pick up where it left off.

  ansible howto linux sysadmin

Here's the situation: You're using Ansible to configure a machine on your network, like a new Raspberry Pi.  Ansible has done a bunch of things to the machine and needs to reboot it - for example, when you grow a Raspbian disk image so that it takes up the entire device, it has to be rebooted to notice the change.  The question is, how do you reboot the machine, have Ansible pick up where it left off, and do it in one playbook only (instead of two or more)?

I spent the last couple of days searching for specifics and found …


Automating deployment of Let's Encrypt certificates.

  howto lets_encrypt linux ssl sysadmin tls web

A couple of weeks back, somebody I know asked me how I went about deploying SSL certificates from the Let's Encrypt project across all of my stuff.  Without going into too much detail about what SSL and TLS are (but here's a good introduction to them), the Let's Encrypt project will issue SSL certificates to anyone who wants one, provided that they can prove somehow that they control what they're cutting a certificate for.  You can't use Let's Encrypt to generate a certificate for google.com because they'd try to communicate with the server (there isn't any such thing but …
