LinuxPizza

Personal notes and occasional posts

In the last couple of month, I have not been able to sync my pretty huge library in Nextcloud due to a bug that is being ignored in the Nextcloud client. But I still need to sync my files – what to do?

It has been a source of frustration to not be able to sync down my files during this fall, so I started to look at other solutions instead, like DavFS2. With DavFS2 you can mount your Nextcloud account like you mount a HDD/SSD ora USB memory – simple!

First of all, you need to install the davfs2 package, on debian derivatives such as Ubuntu, MXLinux or PureOS:

sudo apt-get install davfs2

On RHEL/CentOS:

sudo yum install davfs2

On Fedora:

sudo dnf install davfs2

On SuSE:

sudo zypper install davfs2

Next, we want to modify the /etc/fstab file so the Nextcloud account will be mounted at boot, just modify the command provided to match your own setup:

echo "https://cloud.operationtulip.com/remote.php/webdav/ /mnt/nextcloud davfs _netdev,noauto,user,uid=USER,gid=GROUP 0 0" >> /etc/fstab

Also, I do strongly assume that you do not want to enter your login everytime you boot.

echo "/mnt/nextcloud NEXTCLOUDUSER NEXTCLOUDPASSWORD" >> /etc/davfs2/sercets

Let's finish this with adding your user into the davfs2 group

sudo usermod -a -G davfs2 USERNAME

Now, you should be able to mount it:

mount /mnt/nextcloud

Optional – encrypt transparently with gocryptfs

First, install the gocryptfs package:

sudo apt-get install gocryptfs

On RHEL/CentOS:

sudo yum install gocryptfs

On Fedora:

sudo dnf install gocryptfs

On SuSE:

`sudo zypper install gocryptfs

In this case, we are just going to create a catalogue in the homecatalogue, add is as a “plain” catalogue where the files is going to be shown decrypted for you and mount it against /mnt/nextcloud – so the files is going to be stored encrypted.

    mkdir -p ~/nextcloud_encrypted
    gocryptfs -init /mnt/nextcloud
    gocryptfs /mnt/nextcloud nextcloud_encrypted

Now, you can create a file in ~/nextcloud_encrypted, and it will show up as encrypted in the /mnt/nextcloud catalogue.

Happy sharing!

ok, here it goes: the obligatory post that everyone writes in the beginning of a new year.

2019 was a year of progress for Linux.Pizza and growth, it has been fun to curate for the small “platform” and the userbase residing here.

2020 is here, and I'll try to summarize what we hope to achieve during this year:

  • Build are more robust infrastructure: This is something that we started with last summer with OperationTulip (basically a hosted Nextcloud provider) and we will continue to do so during this year. I (Jonathan) is a part of the OperationTulip team and have contributed with alot of time and hardware into the project, so it is only fair that Linux.Pizza can reside in that environment too!

  • Get more supporters: One of the blockers of many project is money and that is mostly storage and fees for domain names and such. We have been able to mitigate a big chunk of expenses by hosting our own authorive DNS-environment and getting a room in an already existing email server. As I mentioned in the 2019 recap we have gotten donation that have been covering the cost of operation for month – and we are not able to show enough gratitude for the generosity of the people that has donated to Linux.Pizza – Thank you!!

  • Spread the word about the Librehosters: Linux.Pizza is a part of the Librehosters – a loose community of people and organizations that hosts and provide ethical and libre services for public use. We would really like to see it grow and more projects that joins the community

  • Participate in real-life events: Altough I can't attend events like FOSDEM this year, we do hope that we can join the FOSS NORTH event this spring together with the team from OperationTulip. And who knows, we may have stickers for you then? ;)

  • Linux.Pizza staff: Currently, when I am basically the sole admin of Linux.Pizza. Sure, my wife has full access to the services and will act if something would happend to me, but that's about it. So if you want to help out, or know someone that wants to help out – just contact me on Mastodon or Matrix (@j:matrix.linux.pizza).

Well, there is goes. Have a great day everybody!

2019 has been a great year for Linux.Pizza, we have seen hundreds of new users on our Mastodon-instance, thousands of visitors on our trashmail service and hundreds of thousand of machines using our mirror

but sadly, due to lack of time and money, I have been forced to close down a few service like Pleroma, Social relay, & Invidious.

Linux.Pizza is one of many providers in the librehost network – everyone aims to offer ethical services that focus on privacy and fairness. 2019 has been a year of growth for the network and Linux.Pizza is not excluded.

Linux.Pizza was able to achieve the following:

2020 is approaching rapidly, and Linux.Pizza is ready! If you have any suggestions of services that you would like to see, please let us know! We are always exploring ways extend our list of services that is beneficial to our users!

In your haproxy.cfg, you should do this:

global
    log /dev/log local0 notice
    user haproxy
    group haproxy
    stats socket /var/run/haproxy.sock mode 660 level admin
defaults
    log global
    retries 2
    timeout connect 3000
    timeout server 5000
    timeout client 5000
listen galera
    bind /var/run/mysqld/mysqld.sock mode 666
    option mysql-check user HAPROXY
    balance first
    server galera1 192.168.20.21:3306 check maxconn 64
    server galera2 192.168.20.22:3306 check maxconn 64
    server galera3 192.168.20.23:3306 check maxconn 64

And why do I listen on a socket? That is because an application will assume that mysql/mariadb are listening on a socket when you specify “localhost” by default.

This assumes that you are running your Linuxsystem as a virtual server on VMWare, KVM, XEN or AHV.

We have been there a couple of times – your application need more RAM. Or just want more RAM in order to have your Minecraft server run smoothly.

  1. First of all, add the amount of RAM to your VM via your hypervisor.
  2. Second, we need to tell the kernel that there is more RAM available for use, we can do that by using this simple script:

for f in /sys/devices/system/memory/memory*/state ; do grep -v -q online $f || continue echo -n "Bringing $f online... " echo online > $f || continue echo OK done

That's all! You can now verify with your favorite way to check RAM usage.

This assumes that you are running your Linuxsystem as a virtual server on VMWare, KVM, XEN or AHV.

Be sure to take a backup first!

It is quite common – for me atleast – that a busy databaseserver is going to use more and more space. And in most cases it is not always that attractive to have to restart the server and resize it with a LiveCD such as gparted live.

Luckily, there is possible to expand the partitions while your machine is running. I will try to guide you with this step to step guide on how you can successfully proceed with it:

If you are using LVM, read until 12, and skip 13.

  1. First of all, add the storage in you hypervisor.
  2. Next, you want to tell the kernel that to rescan the bulk device: echo 1 > /sys/class/block/sda/device/rescan fdisk are now able to “see” the expanded disk, in this case /dev/sda
  3. Now, we need to do the actual expansion of the partinion, so we need to “delete” the partion and add it again via fdisk – dont worry, we are not going to write the changes to disk while the partinion is deleted: fdisk /dev/sda
  4. Just to make sure, check the partinion by selecting p, if the disk looks like it should, you may continue
  5. Delete the partition by pressing d
  6. Press n to create a new partinion
  7. Press p to chose “Primary Partition”
  8. Press 1 to chose the partition number 1
  9. Press ENTERtwice
  10. And lastly, doublecheck the changes by pressing p, note the difference from the first time you did it. You should see that the partition has been expanded.
  11. !The following actions will write the changes to disk! Now, in order to make is real, press w in order to write the changes to disk, you will see a warning about that the partition table has been changed. Do not worry, it is expected.
  12. Now, run partprobe (you have to install parted for this to work). If you are using an older kernel, you maybe would need to reboot if the partprobe task did not work.
  13. Now, we just need to expand the filesystem itself in order to actually use the newly added space: resize2fs -p /dev/sda1

Verify with df -h or lsblk

Steps for if you are using LVM

I assume that you have done step 1-12 in the previous section.

  1. First, expand your physical volume: pvresize /dev/sda1
  2. Then, we will proceed with expanding the Logical volume, replace “X1” with the Logical Volume you want to extend: lvextend --extents +100%FREE /dev/vg0/X1
  3. After that is done, we have to expand the filesystem, again – replace “X1” with the Logical Volume you want to extend resize2fs /dev/vg0/X1

Verify with df -h or lsblk

You should be able to see the new size now.

This assumes that you are running your Linuxsystem as a virtual server on VMWare, KVM, XEN or AHV with CPU Hotplug enabled.

From time to time, I have been in need of extra CPU-power for various reasons. It might be that someone suddenly got alot of traffic to their PHP-based website, or they want to add more containers but loosing the time and uptime that comes with a reboot it not an option.

Luckily, there is solutions for that!

  1. First of all, add the cores to your VM via your hypervisor.
  2. Second, we need to tell the kernel that there is more cores available for use, we can do that by using this simple script:

for f in /sys/devices/system/cpu/cpu*/online ; do grep -v -q 0 $f || continue echo -n "Bringing $f online... " echo 1 > $f || continue echo OK done

Done, you can now verify that you have added more cores to your system, using for example – htop

Note! Some programs needs a restart in order to start using more cores

It is almost 18 years since I first came in contact with Linux, and I did not know at all what kind of journey it would take me on.

I was 9 years old at the time, when me and my brother got our first PC. It was an Fujitsu-Siemens with 128MB of RAM, Pentium II 233 MHZ and a HDD with amazing 8GB space. SuSE 7.0 was installed on that machine and we loved it. Although at the time, we only used Linux so we can brag to our friends that “we didn't use Windows”. That part kind of failed because our friends did'nt even know what Windows was and my brother and I thought that was absurd that our friends was so “informed about something so essential in life”.

At school, I loved to just “click around” and find stuff. Schools in the 90's/early 2000 did not consider “security” as something prioritized = more fun for us kids.

Today, I mainly work with Linux and basically almost every hobby that I have has something to do with Linux.

It is amazing how such a small event as getting a PC with Linux could alter the course of my life.

Why I decided to block gab.[com|ai], and some other thoughts.

It has not gone unoticed, but gab – the plattform that champions “free speechs” has joined the fediverse. Why? Because probably (hopefully) they are running out of money.

4th of July, 2019 – gab did enter the fediverse with glory and might. Users loved it and the software was great!

gab-5 No it was'nt. People hated it and complained everywhere over the extremely bad performance and the unreliable service. I enjoyed the show, it was great because it means that gab is loosing money when the deploy did not work well. gab-500 gab also uses cloudflare gab-cf

gab-error

The funny thing aside for a moment, and lets focus on the dangerous and evil side of gab. Gab claims to be a champion of free speech, sadly this has turned into a harbor of extremist – actual Nazis.

I decided to create an account on the platform to observe it myself. I did not have to scroll much to be greeted with this: gab-1

More: gab-2

And more: gab-3 This was presented to me withing the first minute.

gab-trending So much for the All are welcome slogan.

You maybe wonder – why does a platform allow content that celebrates genocide, fascism , violence, hate, and authoritarian governments and hides it in the free speech bucket? I do not know, I honestly do not know. The founder of gab – Andrew Torba – is even a proclaimed christian. Is'nt christianity supposed to be the opposite of the content that is spreading on gab?

This is why I have suspended gab on my instance. And if you as an admin does it – great! But it would also be great if people could federate with them to be able to ridicule them (or as some people calls it – virtual milk-shaking).

We can't let history repeat itself.

Note: I do publish social.linux.pizza's blocklist here

Since I was a little kid I've always had a love for computes. Later on, that love transformed to a love for servers – hence that's why I got myself a tiny homelab.

Currently, the homelab is rocking the following setup: One Proliant Microserver G8 8TB disk, 8GB RAM, simple celeron CPU, 10Gbit Network running Debian 9. Currently using this as a shared storage (iSCSI) between my to hypervisors. I had two of those before, but I gave one away.

One homebuild server with an SuperMicro X9SCI/X9SCA motherboard, Xeon E3-1240 V2, 32GB RAM and 4TB storage (mostly ZFS with alot of SSD cache) Currently running Proxmox in a HA-environment

One homebuild PC that was repurposed into a server. ASRock H61 Pro BTC motherboard, Intel i5-2400, 16GB RAM and 1,1 TB of ZFS with SSD-cache storage. Also running Proxmox in a HA-environment

An EdgeRouter X-SFP (serving the secondary connection”

Three MikroTik Switches – RouterBOARD 260GS, 260GSP & CSS326-24G-2S+RM.

A Meraki accesspoint

Thinkpad W530

This is the hardware my environment utilizes. I am running Pfsense in a virtual environment instead of using the Edgerouter as the main router. The reason is that I wanted a more advanced firewall than the EdgeRouter on my “main” connection. And the reason that I run pfsense in a virtual machine is because I want the ability to easily restore backups in case if something goes wrong – which pfsense often do when I upgrade for some reason.

I hope that I can get a newer server in the coming month so I can replace my ASRock “server” and convert that one to a router instead – hopefully.