Cake day: June 28th, 2023




  • Do you really want to recommend btrfs to beginners? The FS for which the usage scheme needs to be checked on the site.

    As for me, I messed up my home directory 4 years ago and since then I haven’t touched this fs and I don’t advise anyone. I need my Linux work machine not for experimentation and recovery from backups. It’s much easier to store the free 20 gigs on a disk.


  • If you are a newbie Linux user, I really recommend creating a partition for /home and using LVM. That is not so easy, but if you understand LVM snapshots and partitioning, that will save you many hours. You can use a partition manager to make /home snapshots, and whole-system snapshots too, if you have enough free space in the LVM group. The downside of this feature is that you can’t take up the entire disk with partitions, otherwise there will be nowhere to take snapshots.

    If you want to change distro, for example:

    1. create /home snapshot
    2. remove all ~/.* directories
    3. Start from iso and format only root partition for new system.

    If you want to do something risky:

    1. Create / and /home snapshots.
    2. Try that.
    3. If all is OK, merge the snapshots; if all goes bad, roll back to the previous state.



  • I just went to libraries and asked my friends for information.

    By the way, the internet didn’t suddenly become filled with all the knowledge in the world. The first internet pages were like personal blogs filled with not-so-useful information. In those days, the internet was similar to today’s darknet. Google was just starting out, and there was no search engine as such. As a result, people just shared websites with each other. The current internet is the result of millions of people’s efforts to fill it with information. So, having access to the internet didn’t change my life overnight.

    But we used to buy collections of websites and data on CDs when CD-ROMs first became available, and that was pretty fun.

    UPD: and at some point, people started exchanging data through modem calls, and that’s how FidoNet was born. It was a whole cultural layer where you could get an address and slowly receive newsletters and exchange data through late-night calls to sysops. It was like a prehistoric torrent, but instead of pirating, you were exchanging data.




  • The job of people around the CEO is primarily to make decisions. All this huge chain of managers is needed only to aggregate information so that the CEO can make an informed decision. This is how many large companies operate. I would even say that there is a direct correlation between the size of the campaign and the number of monitors at the bottom.

    The flip side of sitting behind a huge monitor is that you won’t stay outside with a huge number of your employees if you make the wrong decision. It’s just a different job.



  • ISC is really deprecated… =( You can install dnsmasq of course, but it is much slower. But it is nice for small networks.

    Firewalld is much worse for small systems. Who really needs to mark ports? But in difficult cases you need to write iptables rich rules anyway. So, as a result, I love the old school with clean iptables without any upper-level daemons.


  • nitrolife@rekabu.ru to Selfhosted@lemmy.world: Turn linux server into a router? (20 days ago)

    Enable packet forwarding via interfaces:

    # cat /etc/sysctl.d/01-forward.conf  
    
    net.ipv4.ip_forward = 1
    net.ipv6.conf.all.forwarding = 1
    net.ipv6.conf.default.forwarding = 1
    

    Then install isc-dhcp-server and configure the IPv4 and IPv6 DHCP servers (only on local ports, or your internet provider will be angry).

    short example:

    # cat /etc/dhcpd.conf  
    ddns-update-style interim;
    ddns-updates on;
    ddns-domainname "my.local";
    ddns-rev-domainname "in-addr.arpa";
    allow client-updates;
    update-conflict-detection true;
    update-optimization true;
    authoritative;
    default-lease-time 86400;
    preferred-lifetime 80000;
    max-lease-time 86400;
    allow leasequery;
    option domain-name "my.local";
    option domain-name-servers 192.168.1.1;
    lease-file-name "/var/lib/dhcp/dhcpd.leases";
    
    # cat /etc/dhcpd6.conf  
    ddns-update-style interim;
    ddns-updates on;
    ddns-domainname "my.local";
    ddns-rev-domainname "ip6.arpa";
    allow client-updates;
    update-conflict-detection true;
    update-optimization true;
    authoritative;
    default-lease-time 86400;
    preferred-lifetime 80000;
    max-lease-time 86400;
    allow leasequery;
    option domain-name "my.local";
    option dhcp6.name-servers fd00:1::1;
    option dhcp6.domain-search "my.local";
    option dhcp6.preference 255;
    dhcpv6-lease-file-name "/var/lib/dhcp/dhcpd6.leases";
    

    Don’t forget to start dhcpd@lan and dhcpd6@lan.

    Then install radvd and configure IPv6 RA broadcasting (only on local ports, or your internet provider will be angry).

    # cat /etc/radvd.conf
    
    interface br0
    {
            AdvSendAdvert on;
            MinRtrAdvInterval 3;
            MaxRtrAdvInterval 10;
            AdvDefaultPreference low;
            AdvHomeAgentFlag off;
    
            prefix fd00:1::/64
            {
                    AdvOnLink on;
                    AdvAutonomous on;
                    AdvRouterAddr off;
            };
    
            RDNSS fd00:1::1
            {
                    AdvRDNSSLifetime 30;
            };
    
            DNSSL my.local
            {
                    AdvDNSSLLifetime 30;
            };
    
    };
    

    Then install iptables-persistent and configure the IPv4 and IPv6 rules in /etc/iptables/. Change lan and internet to your real interfaces.

    # cat /etc/iptables/rules.v4
    # Generated by iptables-save v1.6.1 on Mon Dec 30 18:53:43 2019
    *nat
    :PREROUTING ACCEPT [0:0]
    :INPUT ACCEPT [0:0]
    :OUTPUT ACCEPT [0:0] 
    :POSTROUTING ACCEPT [0:0]
    -A POSTROUTING -o internet -j MASQUERADE
    COMMIT
    # Completed on Mon Dec 30 18:53:43 2019
    *filter
    :INPUT DROP [0:0]
    :FORWARD DROP [0:0]
    :OUTPUT ACCEPT [0:0]
    #UNBRICK IF YOU WANT ACCESS FROM INTERNET
    -A INPUT -s x.x.x.x -j ACCEPT
    -A INPUT -s y.y.y.y -j ACCEPT
    #BASE
    -A INPUT -i lo -j ACCEPT
    -A INPUT -i lan -j ACCEPT
    -A INPUT -p icmp -j ACCEPT
    -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
    -A FORWARD -i lan -j ACCEPT
    -A FORWARD -p icmp -j ACCEPT
    -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
    COMMIT
    
    # cat /etc/iptables/rules.v6
    # Generated by ip6tables-save v1.6.0 on Thu Sep  8 13:29:11 2016
    *nat
    :PREROUTING ACCEPT [0:0]
    :INPUT ACCEPT [0:0]
    :OUTPUT ACCEPT [0:0]
    :POSTROUTING ACCEPT [0:0]
    -A POSTROUTING -o internet -j MASQUERADE
    COMMIT
    
    *filter
    :INPUT DROP [0:0]
    :FORWARD DROP [0:0]
    :OUTPUT ACCEPT [0:0]
    #BASE INPUT
    -A INPUT -i lo -j ACCEPT
    -A INPUT -i lan -j ACCEPT
    -A INPUT -p ipv6-icmp -j ACCEPT
    -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
    -A FORWARD -i lan -j ACCEPT
    -A FORWARD -p ipv6-icmp -j ACCEPT
    -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
    COMMIT
    

    Then install a DNS relay. I use bind, but that is somewhat overkill. But anyway:

    install named / bind9

    # cat /etc/named.conf
    
    ...
    acl "lan" {
               192.168.1.0/24;
               127.0.0.1;
               fd00:1::/64;
               ::1/128;
    };
    
    tls google-DoT {
        ca-file "/var/named/google.crt"; //SET google cert path here
        remote-hostname "dns.google";
    };
    
    tls local-cert { //if you want local SSL requests
        cert-file "/etc/letsencrypt/live/local/cert.pem";
        key-file "/etc/letsencrypt/live/local/privkey.pem";
    };
    
    
    options {
        directory "/var/named";
        pid-file "/run/named/named.pid";
    
        forwarders port 853 tls google-DoT {
          8.8.8.8;
          8.8.4.4;
        };
    
        // Uncomment these to enable IPv6 connections support
        // IPv4 will still work:
        //listen-on-v6 { any; };
        // Add this for no IPv4:
        //listen-on { any; };
    
        listen-on-v6 { fd00:1::1; ::1; };
        listen-on { 192.168.1.1; 127.0.0.1; };
    
        listen-on-v6 tls local-cert { fd00:1::1; ::1; }; //if you want local SSL requests
        listen-on    tls local-cert { 192.168.1.1; 127.0.0.1; }; //if you want local SSL requests
    
        allow-recursion { lan; };
        allow-recursion-on { 192.168.1.1; fd00:1::1; 127.0.0.1; ::1; };
        allow-transfer { none; };
        allow-update { none; };
        allow-query { lan; };
        allow-query-cache { lan; };
        allow-query-cache-on { 192.168.1.1; fd00:1::1; 127.0.0.1; ::1; };
    
        version "DNS Server 1";
        hostname "interesting server";
        server-id "realy interesting server";
    
        dnssec-validation auto;
        empty-zones-enable no;
        minimal-responses yes;
        http-port 8888;
    
        listen-on http local tls none { any; };
        listen-on-v6 http local tls none { any; };
    
        auth-nxdomain no;    # conform to RFC1035
    };
    ...
    

    All done.
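
A small audit of an iptables-save file against the design in the comment above (default-DROP INPUT/FORWARD, MASQUERADE only on the WAN side, no unscoped ACCEPT), as an added example that is not part of the original comment. The `parse` and `audit` helpers and the sample ruleset are constructed for illustration; `lan` and `internet` are the comment's placeholder interface names.

```python
import shlex

# Constructed sample (iptables-save format) modelled on the post's rules.v4, with three deliberate mistakes.
SAMPLE = """\
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o lan -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD ACCEPT [0:0]
-A INPUT -p tcp --dport 22 -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
COMMIT
"""

def parse(text):
    """Return ({(table, chain): policy}, [(table, chain, {option: value})])."""
    policies, rules, table = {}, [], None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("*"):
            table = line[1:]
        elif line.startswith(":"):
            chain, policy = line[1:].split()[:2]
            policies[(table, chain)] = policy
        elif line.startswith("-A "):
            tok = shlex.split(line) + [""]
            opts = {t: tok[i + 1] for i, t in enumerate(tok[:-1]) if i >= 2 and t.startswith("-")}
            rules.append((table, tok[1], opts))
    return policies, rules

def audit(text, lan="lan", wan="internet"):
    """List deviations from the post's design; lan/wan are its placeholder names."""
    policies, rules = parse(text)
    found = [f"filter/{c}: default policy is not DROP"
             for c in ("INPUT", "FORWARD") if policies.get(("filter", c)) != "DROP"]
    for table, chain, o in rules:
        if o.get("-j") == "MASQUERADE" and o.get("-o") != wan:
            found.append(f"{table}/{chain}: MASQUERADE is not bound to -o {wan}")
        if table == "filter" and chain in ("INPUT", "FORWARD") and o.get("-j") == "ACCEPT":
            states = set(o.get("--state", o.get("--ctstate", "NEW")).split(","))
            scoped = o.get("-i") in (lan, "lo") or "-s" in o
            if not (scoped or states <= {"RELATED", "ESTABLISHED"}
                    or o.get("-p") in ("icmp", "ipv6-icmp")):
                found.append(f"filter/{chain}: ACCEPT open to {wan}: "
                             + " ".join(f"{k} {v}" for k, v in o.items()))
    return found

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

Running it over a saved ruleset before `iptables-restore` catches a swapped interface name or a forgotten default policy while the old rules are still loaded.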



  • Well… In my case, as many potatoes as you want. Even if I grow it on an industrial scale, I will only need to pay 4% sales tax. And for myself, I can grow at least 100+ kg of potatoes without any problems. (Because of the size of the plots, I can literally grow tons of potatoes).

    And yes, I use UV lamps for seedlings every spring. Just like literally everything in my village. This happens when the daylight is very short. These are the countries with risky agriculture. I think it would be funny for some foreigners to watch the picture of the village where in every house at night with ultraviolet light shining on the windowsills =)


  • archlinux + podman / libvirtd + nomad (libvirt and docker plugins) + ansible / terraform + vault / consul sometimes

    UPD:

    archlinux - base OS. You never need to change the major version, and that is great. I update core systems every weekend.

    podman / libvirtd - 2 types of core abstractions. podman - docker containers management, libvirtd - VM management.

    nomad - HashiCorp orchestrator. You can run an exec, a Java application, a container or a virtual machine in one way with that. Can integrate with podman and libvirtd.

    ansible - VM configuration playbooks + core system updates

    terraform - engine for deploying nomad jobs (docker containers, VMs, execs or something else)

    Vault - K/V storage. I save here secrets for containers and VMs

    consul - service networking solution if you need a really hard network layer

    As a result, I’m not really sure if it’s a simple level or a complex one, but it’s very flexible and convenient for me.

    UPD2: As a result, I described the applications level, but in fact it is 1 very thick server on AMD EPYC with archlinux. XD By the way, the lemmy node from which I write is just on it. =) And yes, it’s still selfhosted.