BoxyBSD is a non-profit project dedicated to providing free virtual machine (VM) hosting on IPv6, with a particular emphasis on BSD-based systems such as FreeBSD, NetBSD, and OpenBSD. The project's primary objective is to contribute back value to the open-source community by offering a platform where beginners and newcomers can learn and educate themselves using real systems. By offering free virtual machine hosting, BoxyBSD aims to remove financial barriers that often deter individuals from gaining hands-on experience with BSD-based systems. This initiative allows users to explore, experiment, and learn about these systems in a practical and interactive manner. BoxyBSD's focus on BSD-based systems ensures that users have access to a diverse range of operating environments, enabling them to familiarize themselves with different BSD distributions and their respective features. This approach not only promotes knowledge and understanding within the community but also encourages collaboration and innovation among enthusiasts, students, and professionals .... [read more]
Proxmox just released its new import wizard which makes it much easier to migrate virtual machines from a VMware ESXi system to a Proxmox environment. This being said, it also offers the general support of live importing virtual machines. Migrating VMs to the Proxmox environment uses the official ESXi API through a user space filesystem with a fine-tuned read-ahead cache which is fully written in Rust. Unlike before, this solution does not require the manual steps of copying the virtual machine's image file, converting (depending on Proxmox version), importing and assigning anymore and streamlines the whole user experience within the Proxmox webui. Requirements * PVE 8+ * pve-manager 8.1-8 * libpve-storage-perl 8.1.3 * pve-esxi-import-tools Installation Integrating this is pretty straight forward: pve-esxi-import-tools is already available within the pvetest and pve-no-subscription repositories and can easily be installed (to do on each Proxmox node) by running to following commands: $> apt-get update .... [read more]
QualvoSec is a robust open-source (based on GPLv3) security patch management tool designed for unattended upgrades on a variety of systems, encompassing mainstream Linux distributions (like Debian, Ubuntu, Garden Linux, RedHat, CentOS, RockyLinux etc.) and BSD-based systems like FreeBSD. This tool empowers operators to exercise control over client systems' patch integration, offering flexibility in managing updates, particularly for crucial components like kernels or glibc. They key features of QualvoSec consists of: * Not running as root * Only specific commands allowed by sudo * Clients pulling information from server * Server provides only a static manifest * Holding the patch windows of clients * No remote code executions * A potential compromised server could not be able to execute code on clients * Health monitoring endpoint on clients * Minimalistic design * Admin tool for creating, deleting and looking up of client patch windows * Fully written in Python3 * .... [read more]
One of the standout features is the automatic utilization of modern virtualization functionalities supported by KVM, such as Advanced Programmable Interrupt Controller virtualization (APICv). This integration ensures that users benefit from cutting-edge virtualization capabilities, potentially enhancing the performance and responsiveness of their VMs. A noteworthy advantage lies in the fact that KVM is an integral part of the Linux kernel. This implies that users can access KVM directly with every kernel update, ensuring compatibility and optimal performance without the need for additional configurations or driver installations. The streamlined integration with the Linux kernel positions VirtualBox KVM as a robust and reliable choice for virtualization enthusiasts within the Linux ecosystem. It's essential to acknowledge that, due to the shift in the underlying hypervisor from VirtualBox to KVM, there may be variations in guest performance. The extent of these differences is contingent upon the specific workload of the guest VM. Virtualization enthusiasts .... [read more]
This HowTo guides you through the setup process of snac2 on a minimalistic FreeBSD (FreeBSD 14) system to run and serve your own ActivityPub instance within the Fediverse. snac2 is also compatible with Mastodon instances for further interactions. snac2 is a simple, minimalistic ActivityPub instance written in portable C and can run on all Linux and BSD systems. Within this HowTo snac2 will be installed behind a nginx reverse proxy for SSL/TLS offloading. First, we start installing the required package dependencies: pkg install git curl py39-certbot-nginx-2.6.0 py39-certbot-2.6.0,1 nginx Afterwards, the snac2 project repository can be cloned and snac2 compiled from the C code source: git clone https://codeberg.org/grunfink/snac2.git cd snac2 make make install Thanks to Stefano (from the BSD Cafe project) for the FreeBSD rc service file to start the snac2 instance. Within the next steps we just copy the rc service file to the right location and prepare everything to .... [read more]
Operating your own IPv6-capable container registry ( Distribution Registry ) for Docker and Podman offers several advantages. By hosting container images on a dedicated registry, you gain greater control over image distribution, access, and security. With cnt-reg.gyptazy.ch a new IPv6 capable container registry got launched. The use of IPv6 ensures scalability and future-proofing in the increasingly IPv6-dominated networking landscape. This setup provides autonomy in managing container images, reducing reliance on external services. It enhances security by allowing you to implement customized access controls, monitor image integrity, and efficiently manage permissions for Docker and Podman deployments. Moreover, having your own container registry contributes to improved performance, as image retrieval and deployment can be optimized within your network infrastructure. This localized control also reduces dependency on external network conditions, resulting in faster image pulls and more reliable deployments. This container registry hosts multiple open-source and community driven projects like manpageblog and Plutono .... [read more]
BoxyBSD is an innovative service hosted and developed by gyptazy that provides a unique opportunity for enthusiasts, developers, and curious minds to explore the powerful FreeBSD operating system in a risk-free and hassle-free environment. BoxyBSD offers free FreeBSD virtual machines (VMs) served as jails, allowing users to immerse themselves in the FreeBSD experience without the need for complex setups or installations. Embrace the freedom to explore, innovate, and debug with BoxyBSD – your gateway to a temporary yet enriching FreeBSD experience! Each jail has its own public IPv6 address, located in Switzerland. With BoxyBSD, users can enjoy a limited lifetime of 12 hours to play around with FreeBSD, experiment with configurations, and engage in debugging activities. This time window provides ample opportunity for users to delve into the world of FreeBSD, understanding its robust features and optimizing their skills. Whether you're a seasoned developer seeking a quick testing ground or .... [read more]
The BSD Cafe is a thriving community that goes beyond being just a gathering of BSD enthusiasts; it serves as a comprehensive repository of knowledge and experiences shared by its members. The platform features in-depth reviews of BSD-related software and hardware, providing valuable insights into real-world experiences and hardware compatibility. The community aims to assist individuals in making informed decisions when building or optimizing systems for BSD but Linux users are of course also welcome. The founder and guiding spirit of BSD Cafe, Stefano Marinelli , is introduced as our "Barista" and had the idea to create a modern place for BSD enthusiasts which does not only target experienced users. It is also a place for beginners to start and learn using BSD based systems. Beginners will be guided and taugth in systems like FreeBSD , NetBSD , OpenBSD , DragonFlyBSD , helloSystem and all other BSD based systems. Linux .... [read more]
Finally, I rejoined the ntppool.org project again. Several years ago, I already contributed with several Stratum 1 systems which were connected to a Stratum 0 (GPS). Nowadays, most ones do not care about NTP and time synchronization anymore but it gets more important than ever when it comes to encryption, authentication and logging. Therefore, I took my old Stratum 0 GPS systems and created four new ntp server which are also included within the nto pool project. But of course, you are also able to use them directly without using the pool. ntp01.gyptazy.ch (stratum 1) IPv4: 37.114.42.55 IPv6: 2a00:ccc1:102:24c::1337 Location: Frankfurt, Germany ntp02.gyptazy.ch (stratum 1) IPv4: 37.114.55.6 IPv6: 2a00:ccc1:102:26c::1337 Location: Frankfurt, Germany ntp03.gyptazy.ch (stratum 1) IPv4: 45.129.181.241 IPv6: 2a03:4000:47:1f1::1337 Location: Nürnberg, Germany ntp04.gyptazy.ch (stratum 1) IPv4: 45.157.178.14 IPv6: 2a03:4000:4b:6e::1337 Location: Nürnberg, Germany You can also find some further stats here . .... [read more]
manpageblog - a small, lightweight blog engine written in Python and offers several advantages in a look of a man page (Unix like manual page). Firstly, it provides simplicity and ease of use, making it accessible even for users with limited technical knowledge. The lightweight nature ensures quick installation and minimal resource consumption, making it suitable for various hosting environments. Python's readability and straightforward syntax make the blog engine easy to customize and extend, allowing users to tailor it to their specific needs. Additionally, being Python-based means leveraging a vast ecosystem of libraries and frameworks, enhancing the blog's functionality without unnecessary complexity. The lightweight nature also contributes to faster loading times, improving user experience and search engine rankings. Overall, a small, lightweight blog engine in Python combines simplicity, flexibility, and efficiency, making it an ideal choice for those prioritizing a streamlined and customizable blogging experience. Features: * Slim & lightweight .... [read more]
Changelog Fragments Creator just got released in V1.3. Changelog Fragments Creator (a changelog generator in Python) may be used in development setups where working on a single CHANGELOG.md file might result in ongoing merge conflicts due to too many changes on the same file. This is where Changelog Fragments Creator steps in to solve this by creating YAML based files for each PR according to its planned release version. The output format is based on Keep a Changelog, and this project adheres to Semantic Versioning. This changelog creator is written for minimal setups to be usable across almost all systems (platforms and distributions). Therefore, some dirty stunts were needed to avoid templating (jinja2), etc. to drop some imports that would require additional dependencies. Changelog Fragments Creator is fully open-source. You can find the sources and download it: changelog-fragments-creator V1.3 @github . .... [read more]
This overview offers you an insight into my self-created Vagrant compatible boxes and images of different Linux and BSD operating systems for Apple Silicon based Macs. Apple Silicon's hardware architecture is based on ARM64 (AARCH64) which is incompatible with the AMD64 (x86_64) hardware architecture. The following boxes provide further virtualization support and can run as a virtual machine (VM) on your Mac. You may also use these images on any other ARM64 based platform. Images: * Alpine 3.18.4 (Standard) * Alma Linux 9.3 * Alpine Desktop XFCE 3.18.4 * Arch Linux 2023.10.07 * CasaOS 0.4.7 (based on Debian 12) * CentOS 9 Stream * Chimera 20240122 * Debian 11.8 Bullseye * Debian 12.1 Bookworm * Debian 12 Bookworm with Ansible Semaphore (MariaDB) * Debian 12 Nextcloud 28 (MySQL/nginx) * Fedora 38 (server) * Fedora 39 (server) * Fedora 40 (server) * FreeBSD 13.2 * FreeBSD 14 Beta 4 * FreeBSD .... [read more]
Creating packages for Debian (Ubuntu), RedHat (CentOS, Fedora) & FreeBSD can easily be done by CMake’s CPacks feature. This provides great possibilities to create packages from sources but also to ship just configuration files with a single config for one or more distributions. In general, it also supports creating packages from different distributions. My tech talk provides a short examples how to use it by packaging the changelog fragments creator tool (see also my blog post regarding this here). Please note, that this is not a HowTo rather than an interactive talk where things are described in detail. Resources: Presentation: Web/HTML Sources: gyptazy/ tech-talks (Github) .... [read more]
In an era where our lives are increasingly intertwined with technology, the concept of a digital detox has gained significant traction. A digital detox refers to consciously and temporarily disconnecting from digital devices and online platforms in order to find balance, regain focus, and reconnect with the physical world around us. This practice has become an essential remedy for the modern challenges posed by our hyperconnected lifestyles. In this blog post, we’ll explore the ins and outs of a digital detox, its benefits, and practical tips for successfully incorporating it into your life. The Digital Age’s Impact on Our Lives: The digital age has ushered in remarkable advancements in communication, productivity, and entertainment. However, it has also led to a host of negative consequences that are hard to ignore. The constant barrage of notifications, the pressure to maintain an online presence, and the addictive nature of social media have contributed .... [read more]
AI is on everyone’s mind but what happens when we use our own and custom content like documents on different LLMs (Large Langauge Models)? Let’s have a short look at different LLMs like llama2, falcon and gpt. Within this case we do not just want to use the pre-trained data from the models but also process our own content. Here, we just use a public available price list (T-Mobile One Fact Sheet) in a PDF format and try to gather information by prompt requests. We will now try to gather some information from especially this section which provides information for additional lines and costs per month (file here ). Now, different LLMs are requested to answer the following questions: "How much is the monthly fee for 4 lines?" llama2-70b-chat: Based on the information provided in the context, the monthly fee for 4 lines would be ﹩140. This is calculated by .... [read more]
Changelog Fragments Creator (a changelog generator in Python) may be used in development setups where working on a single CHANGELOG.md file might result in ongoing merge conflicts due to too many changes on the same file. This is where Changelog Fragments Creator steps in to solve this by creating YAML based files for each PR according to its planned release version. The output format is based on Keep a Changelog, and this project adheres to Semantic Versioning. This changelog creator is written for minimal setups to be usable across almost all systems (platforms and distributions). Therefore, some dirty stunts were needed to avoid templating (jinja2), etc. to drop some imports that would require additional dependencies. It only requires a basic Python 3 installation on the system. Motivation This project has been created after a some frustrations in several projects where working with several developers on the same project with a .... [read more]
Ansible’s yum_versionlock module has been available in Ansible for several years. Since my initial release this module has also been tweaked and forked as dnf_versionlock. However, there has been a new feature request for supporting specific package versions to pin and lock. Starting with community general version 7.2, yum_versionlock is also able to handle specific versions instead of just plain package names. Links: feature( yum_versionlock ): Add support to pin specific package versions #6861 .... [read more]
Many DevOps used Vagrant together with VirtualBox (Box) in their default setups to quickly spawn new VMs. However, when switching from AMD64 (Intel architecture) to Apple Silicon (M1/M2/M3) there was a lack of unsupported tools which broke many workflows. Currently, there’s an ARM64 supported build of Virtual Box but it doesn’t support ARM64 guests at all. This makes it necessary to switch to other alternatives. VMware Fusion A solution could lead into a free copy (for personal usage) of VMware Fusion for macOS which also supports ARM64 based guests. This alternative to Virtual Box supports all Apple Silicon Macs and even runs on the newest macOS which might be a pretty good alternative to Virtual Box. However, we still need Vagrant and a dedicated plugin (vagrant-vmware-desktop) for the VMware platform provider. This plugin supports VMware Workstation, VMware Desktop and VMware Fusion. Vagrant can still be installed in the same ways .... [read more]
Unfortunately, many companies still have security policies according to frequently password changes for endusers. Which first sounds like a good idea may fastly result in a less better security – I also often call this security by obscurity. So, why is password rotation a bad idea nowadays? First, let us have a look at the past before year 2000, where users had really short passwords with less than 10 characters. Many dynamic websites (e.g. free mailers, etc.) at that time enforced a password length of 6-10 characters and did not accept any special characters. As a result, it came to the well known passwords like abc123, 12345678, gyptazy2000, gyptazy89 etc. where users created an easy to guess combination of names, birthdates etc. With more compute power, brute force attacks became more easy. As a result, passwords got longer including further special characters. Within the first iteration, many special characters like .... [read more]
My new module pf (packet filter) allows managing the BSD’s packet filter (pf – as a firewall) which is compatible with FreeBSD, OpenBSD etc. When running in dry_run mode a generated rule set file will be validated and printed within Ansible’s meta output (json). Rulesets can be loaded by filters (e.g. filter, options or nat) and tested in dry_run mode. Next to this, basic service management can be done by this module for starting, stopping and restarting pf. - name: Test a rule set pf: action: reload config: /etc/pf.conf dry_run: True - name: Load only NAT rules set pf: action: reload config: /etc/pf.conf filter: nat - name: Flush PF rules pf: action: reload config: /etc/pf.conf - name: Start PF pf: action: restart config: /etc/pf.conf Resources: Initial upload: initial upload of pf (packet filter) PR: PR#5857 .... [read more]
Plutono is an interactive visualization web application that provides graphs, charts and also alerts. It is based on a Grafana 7.5 fork, maintained by credativ GmbH ( NetApp GmbH ), under the Apache 2.0 license which is limited to maintenance and security updates. In 2021, Grafana switched the licensing of its core products from the Apache License 2.0 to the more restrictive AGPL v3 (Affero General Public License) as an attempt to balance the values of open source with its monetization strategy. As this license switch might impact several users the Plutono project got initiated and comes with several other tools like Vali (as an alternative to Loki) and Valitail. Plutono: Plutono brings further possibilities to query, visualize, alert on and understand your metrics no matter where they are stored. Explore, create and exchange dashboards with your team: * Visualize: Fast and flexible client side graphs with a multitude of .... [read more]
Monkey Switcher just got released in V1.2. witch your Bluetooth capable devices like Magic Keyboard 2, Track Pad, AirPods, etc. between multiple Macs (e.g. personal & business) with a single click for macOS. This can especially be helpful to avoid connecting you wired USB-C to Lightning cable to your Magic Keyboard to establish a peering session to another Mac and may fasten up your workflow. However, initially this must be done on all Macs where you like to use this app to be a known and authorized Bluetooth device. This application ships binary versions for amd64 and arm64 architectures of blueutil. Running the application is a toggle – when the Bluetooth device is connected it gets disconnected. If the device is currently disconnected it gets connected. This can be done in combination of multiple Macs where the bluetooth device should be connected to. Monkey Switcher is fully open-source. You can .... [read more]
Now, Garden Linux comes with Firecracker (microVM) images for running heavy workloads. You may also find some more information on Firecracker within my last post. Thanks to nkraetzschmar for adding Firecracker support within the Garden Linux feature system. Next to this, the Pytest pipeline needed further adjustments as well as a new IAAS type to perform tests on microVMs. With my PR feat(pytest): Add Firecracker IAAS for PyTest #1318 I recently added further support for Firecracker images as a new IAAS platform type. The new IAAS takes care for all image and network related adjustments to fit the Pytest’s RemoteClient object requirements. Creating a Garden Linux Firecracker image Creating a Firecracker image is as easy as building regular images and can simply be accomplished by running: Production image: make firecracker # Dev image (autologin, etc.) make firecracker-dev This creates the kernel- & filesystem image artifacts: * kernel image: firecracker_dev-amd64-today-0ee7682b.vmlinux * .... [read more]
While Garden Linux was running with SELinux all the time, Garden Linux finally supports running SELinux in enforcing mode. Within the last few weeks I made several adjustments to make sure we could switch from permissive mode to enforcing. By pushing the last commit , the gardenlinux-selinux-module gets reactivated in synergy with the patched refpolicy package within the Garden Linux build pipeline. All related packages are available on Garden Linux repositories, now. Unluckily, I had many issues based on Debian’s Testing refpolicy package which was a show stopper for several services including casual bash usage after login or systemd-resolved start ups (see also bug #1012755 ). Unfortunately, further bug reports and texting resulted into no solutions. Even no direct solutions could be found on DebConf 2022 by getting in touch with some people directly. Thanks to chrinorse for getting in touch with other ones at DebConf 2022. Therefore, I consider .... [read more]
Finally, my Garden Linux PR feature(build): Add support for macOS #1013 got merged which allows building Garden Linux images on macOS regarding the underlying hardware architecture (Intel and Apple Silicon are supported). As a result, no further Linux virtual machines are needed to create artifacts. This is a big step forwards for all macOS users in usability and also speeds up the whole local build process. Update: With PR Add support for macOS and CentOS (Stream) in startvm #1027 you may also directly run the created images on macOS. .... [read more]
Introducing Monitorix , a versatile, open-source, and lightweight system monitoring tool that excels in overseeing a wide array of services and system resources. Originally crafted for production environments on Linux/UNIX servers, its adaptability extends seamlessly to embedded devices due to its simplicity and compact size. While Monitorix remains a stalwart choice, contemporary implementations may pose challenges. The conventional practice of exposing services to external entities may not always be ideal, prompting the adoption of a reverse proxy like Nginx as a viable solution. However, managing this setup across multiple systems requires additional configurations. To streamline this process, leveraging the Nginx subfilter function emerges as an elegant solution. The following snippet illustrates the implementation of this approach. location /ns01/ { proxy_pass http://ns01.gyptazy.ch:8080/; proxy_redirect default; sub_filter_once off; sub_filter '/monitorix-cgi/' '/ns01/monitorix-cgi/'; sub_filter '/imgs/' '/ns01/imgs/'; sub_filter '/monitorix/imgs/' '/ns01/imgs/'; sub_filter 'monitorixico.png' '/ns01/monitorix/monitorix/monitorixico.png'; sub_filter 'logo_bot.png' 'monitorix/logo_bot.png'; sub_filter 'logo_top.png' 'monitorix/logo_top.png'; proxy_buffering off; proxy_set_header Host $http_host; proxy_set_header X-Real-IP .... [read more]
Garden Linux is a Debian GNU/Linux derivate that aims to provide small and auditable Linux images for most cloud providers (e.g. Ali, AWS, Azure, GCP etc.) and bare-metal systems. Garden Linux is the best Linux for Gardener nodes to increase you cloud platform and replaces the legacy and discontinued CoreOS system. Garden Linux provides great possibilities for customizing and provides a great feature set to fit your needs and is fully Open-source (MIT licensed). By the given feature set it is possible to build Garden Linux with different features (options) like CIS, FedRAMP, ReadOnly mode, etc. Next to this, all features allow full customization to fit the operator's needs. In default, Garden Linux already provides an awesome stack of features like: * Repeatable and auditable builds * Great test framework (PyTest based) * Purely systemd based (network, fstab etc.) * Aiming to always integrate the latest LTS Kernel * Dracut .... [read more]
helloSystem is a new desktop system for creators with a focus on simplicity, elegance, usability and a modern design based on FreeBSD. It follows the “less, but better” philosophy and is purely welcoming users from Mac systems. However, it has been several years since I have used FreeBSD as my daily desktop system – so I worked with another BSD system all the time. Now, it was time again to take a look on FreeBSD and I found helloSystem – I was directly in love. A fresh, modern clean desktop with FreeBSD. Quote from the project: For mere mortals. Welcoming to switchers from macOS. Not just a theme. Not a clone of anything, but something with which the long-time Mac user should feel instantly comfortable. The latest technologies, without the complexities of Linux distributions. Without lockdown. Without Big Brother. The user in full control. Within the first days as my .... [read more]
With Ansible 2.10 my patch got integrated by upstream. Therefore, the Ansible module java_cert provides a new option for trusting imported CA certificates. This comes handy when you are running an infrastructure with a self signed root CA (Certificate Authority). As a result, you may define your own imported root CA as trusted which directly allows secure SSL/TLS connections between JAVA application without allowing untrusted CAs. Example: - name: Import trusted CA from SSL certificate java_cert: cert_path: /opt/certs/rootca.crt keystore_path: /tmp/cacerts keystore_pass: changeit keystore_create: yes state: present cert_alias: LE_RootCA trust_cacert: True Resources: PR: add trustcacerts option for JAVA keytool #61750 .... [read more]
With the new ‘msteams’ Ansible callback module you may send notification to a desired Microsoft Teams chat room. This includes the start of a triggered Playbook run, as well as of the final result with more details about the executed run. This may become handy when multiple playbooks are executed periodically as a status update for the DevOp team. This plugin is designed for a just “place it and use it” usage. Therefore, only the room URL needs to be generated within Microsoft Teams and be defined within the config file. You can find this plugin on GitHub. Resources: Config: config file Module: msteams (module) Source: GitHub source code .... [read more]
There may be some corner cases where you just want to forward your email(s) to a Telegram group or just to yourself. This can be very handy when it comes to monitoring solutions in DevOps related scenarios or for smarthome. However, this script allows you to define a dedicated IMAP box and to forward all received mails to Telegram messaging services. Within the current implementation this is designed to run on CentOS/RedHat systems with systemd, but this can be adapted to run on all other systems, too. After setting up IMAP2Telegram watches within a given IMAP account for new mails and forwards them to a defined Telegram user/group. Resources: Language: Python GitHub: IMAP2Telegram (source code) .... [read more]