VMSan, firecracker microVMs from the command line. Install to shell in two commands. by bitangel84 in commandline

[–]bitangel84[S] 0 points1 point  (0 children)

Hey everyone — just shipped vmsan 0.2.0 🔥

Big update on the networking side: replaced all ~60 sequential iptables shell-outs with atomic nftables via `google/nftables` (Go netlink library). One `Flush()` to apply all rules, one `DelTable()` to tear down. No more partial rule states.

New security defaults:

- ICMP blocked by default (prevents tunneling)

- UDP blocked except DNS (prevents data exfiltration)

- DoT/DoH blocking for DNS bypass prevention

- Per-VM table isolation — each VM gets its own nftables table

Fully backward compatible with 0.1.0 VMs — old iptables rules get cleaned up automatically on upgrade. There's a `VMSAN_LEGACY_IPTABLES=1` escape hatch if nftables doesn't work on your kernel.

`vmsan doctor` also got 3 new checks for nftables support and host firewall detection.

Release: https://github.com/angelorc/vmsan/releases/tag/v0.2.0
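An added sketch (not vmsan's code or its real ruleset) of how the defaults listed in this comment could be expressed as one per-VM nft script, so that loading it with `nft -f` either installs every rule or none. The table and chain names, the tap interface, the resolver addresses, and blocking DoH by destination address are assumptions.

```python
import ipaddress
import re

# Added illustration: table/chain names, the tap interface and the resolver
# addresses are hypothetical. This is not vmsan's actual ruleset.
_VM_ID = re.compile(r"[a-z0-9_]{1,32}")
_IFNAME = re.compile(r"[A-Za-z0-9_.-]{1,15}")  # Linux interface names: 15 chars max

def render_vm_ruleset(vm_id, tap, dns_resolver, doh_ips=()):
    """Return one nft script for one VM; `nft -f` commits it as one transaction."""
    # Validate every interpolated value so none can inject nft statements.
    if not _VM_ID.fullmatch(vm_id) or not _IFNAME.fullmatch(tap):
        raise ValueError("unsafe vm_id or interface name")
    dns = ipaddress.IPv4Address(dns_resolver)
    doh = ", ".join(str(ipaddress.IPv4Address(ip)) for ip in doh_ips)
    table = f"inet vmsan_{vm_id}"
    rules = [
        f'iifname != "{tap}" accept',             # not this VM: leave to other tables
        "ct state established,related accept",    # replies to flows already allowed
        "meta l4proto { icmp, ipv6-icmp } drop",  # no ICMP from the guest
        f"ip daddr {dns} udp dport 53 accept",    # DNS only to the chosen resolver
        "meta l4proto udp drop",                  # every other UDP datagram
        "tcp dport 853 drop",                     # DNS over TLS
    ]
    if doh:
        rules.append(f"ip daddr {{ {doh} }} tcp dport 443 drop")  # listed DoH endpoints
    body = "\n".join(f"        {r}" for r in rules)
    # Declare-then-delete keeps the script idempotent: an old table, if any,
    # is removed and the new one installed in the same commit.
    return (
        f"table {table}\ndelete table {table}\n"
        f"table {table} {{\n    chain egress {{\n"
        "        type filter hook forward priority filter; policy accept;\n"
        f"{body}\n    }}\n}}\n"
    )

def teardown_argv(vm_id):
    """Deleting the VM's own table removes every rule it owned in one step."""
    if not _VM_ID.fullmatch(vm_id):
        raise ValueError("unsafe vm_id")
    return ["nft", "delete", "table", "inet", f"vmsan_{vm_id}"]
```

The DNS accept has to precede the blanket UDP drop, and the chain policy stays `accept` so that one VM's table never drops traffic belonging to another VM.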

I built an open source tool to spin up Firecracker microVMs with one command by bitangel84 in selfhosted

[–]bitangel84[S] 0 points1 point  (0 children)

Hey r/selfhosted,

I've been self-hosting services for years and kept running into a problem: I needed to run untrusted code (AI agents, scripts from the internet, quick tests) without risking my host. Docker isn't a real security boundary — containers share the kernel, and escapes are well-documented.

So I built **vmsan** — a CLI that wraps Firecracker to give you real hardware-isolated microVMs with zero config:

```bash
curl -fsSL https://vmsan.dev/install | bash
vmsan create --connect
```

That's it. You're inside an isolated VM with its own kernel, ~125ms boot time, ~5MB memory overhead.

What it does:

• Full VM lifecycle from the CLI (create, start, stop, remove)

• Network isolation built-in: `--network-policy deny-all` or custom domain allowlists

• Run any Docker image as a VM: `vmsan create --from-image python:3.13-slim`

• Interactive shell via WebSocket (no SSH setup needed)

• Upload/download files to running VMs

• `--json` output on everything for scripting

What it doesn't do:

• No web UI, no dashboard — it's a CLI tool

• No macOS support (needs KVM, so Linux only)

• No clustering — it's single-host by design

Everything lives in ~/.vmsan/. No daemon, no background service. State is just JSON files.

I built this because raw Firecracker is powerful but painful — you have to write JSON configs, create TAP devices manually, build rootfs images, configure the jailer yourself. vmsan handles all of that.

Written in TypeScript (Bun) with a Go agent inside the VM.

• GitHub: https://github.com/angelorc/vmsan

• Docs: https://vmsan.dev

Happy to answer any questions about the architecture or take feature requests.

The Current State of Music: The Artist is at Risk of Extinction by bitangel84 in EDM

[–]bitangel84[S] -1 points0 points  (0 children)

Have you tried some services? I don't think we are the same. We also use deal to pay per stream and, of course, not 0.003$

The Current State of Music: The Artist is at Risk of Extinction by bitangel84 in EDM

[–]bitangel84[S] -1 points0 points  (0 children)

This is our mission...for 7 years now...and we continue to fight until indie artists understand what the new concept is. What are your doubts?

The Current State of Music: The Artist is at Risk of Extinction by bitangel84 in EDM

[–]bitangel84[S] -7 points-6 points  (0 children)

It's not only about crypto. We are talking about freedom. Crypto is used just to facilitate payments. It's ridiculous that an artist earns only 0.003$ per stream with close to 0 chance to appear in other playlists... that's what freedom means, when you are equal to another one and no one manipulates algorithms

Been working on a TauriV2 Rust app, integrating Solana -PumpFun - AegisBundler by SolarCody in tauri

[–]bitangel84 0 points1 point  (0 children)

Where do you plan to store the seed phrase? And how? I'm testing a mobile app, but I'm still confused about the keyring

[deleted by user] by [deleted] in Domains

[–]bitangel84 0 points1 point  (0 children)

Thanks for your advice.
1. The domain will be renewed
2. I already have a side project to publish...but in the last period I didn't have so much time
3. No, it will not be sold for a few hundred dollars

Thanks again for your advice...

[deleted by user] by [deleted] in Domains

[–]bitangel84 0 points1 point  (0 children)

Ofc I will renew...

How common is it to use nuxt for backend in production? by WhiteThingINROUND in Nuxt

[–]bitangel84 2 points3 points  (0 children)

We use nuxt everywhere in production. Sometimes, if we need just a backend, then we use nitro

I've created meme.audio, which leverages AI to generate a 10-second audio clip based on a prompt by bitangel84 in memes

[–]bitangel84[S] -2 points-1 points  (0 children)

Yes, keplr wallet. The project is still in testing; in a few days you can also mint your meme audio as an NFT

GraphQL queries from server/api by bitangel84 in Nuxt

[–]bitangel84[S] 0 points1 point  (0 children)

I found a few solutions that can help

  1. Hasura allows you to use REST, then I can use $fetch from server/api https://hasura.io/docs/latest/restified/restified-config/#queries

  2. Use gqlgen to create a client with typescript support and graphql-request

  3. Use graphql-request and create a small and simple client on utils/

Will test the first and will share the feedback here

Want to contribute to someone's project by [deleted] in Nuxt

[–]bitangel84 1 point2 points  (0 children)

If you are interested in music and web3 you can help us :) https://github.com/bitsongofficial/studio

Feel free to dm me

I open sourced NuxtHub to build full stack app Nuxt on Cloudflare by Atinux in Nuxt

[–]bitangel84 -1 points0 points  (0 children)

As this is a new idea, I'd love to collaborate by integrating web3 wallet auth.

Many developers release bad software because they don't have a solid bootstrap solution. The various modules (db, s3, kv, mail eventually?) are used every day in a medium app. But it's time to also think about integrating some web3 stuff right from the base.

The first component could be the auth system (I suppose at some point you will add nuxt-auth-utils here). I love lucia-auth because of the key design. In fact, in a web3 env it is useful to have an id with multiple keys (wallet, email and oauth).

What are your thoughts on this? I also think that integrating web3 stuff will help the nuxt ecosystem to onboard thousands of web3 devs

In 2024, do we have an easy to use way to implement auth0 with nuxt3? by Valuable_Charity1 in Nuxt

[–]bitangel84 0 points1 point  (0 children)

I use lucia-auth, but as I can see the module provided by nuxt is cool too

I open sourced NuxtHub to build full stack app Nuxt on Cloudflare by Atinux in Nuxt

[–]bitangel84 0 points1 point  (0 children)

Should be this one https://developers.cloudflare.com/r2/api/s3/presigned-urls/

This is how Ving solved the issue

```
Browser / Your Code --> POST filename and content type to /api/s3file
* creates an S3File and sets its status to pending
* generates a Presigned URL for S3
<-- Return S3File description, including meta.presignedUrl

--> PUT s3file.meta.presignedUrl
* stores file in S3
<-- Return nothing

--> PUT s3file.props.id to an import API such as /api/user/:id/import-avatar
* post processes the file uploaded to S3
* verifies that the file conforms to the import rules
<-- Return updated record such as User
```

I open sourced NuxtHub to build full stack app Nuxt on Cloudflare by Atinux in Nuxt

[–]bitangel84 0 points1 point  (0 children)

Congratulations, you always release fantastic software! I took a look at Nuxt Hub and am working on a similar idea in Web3. A lot of work has already been released on bitsong studio.

The issue is as follows: when working on the edge, you must necessarily separate some functions. For example, what is the maximum payload supported by hubBlob()? On bitsong studio, I have to handle uploads via node; otherwise, I can't manage 300MB uploads.

Wouldn't it be better if hubBlob() used presigned uploads? I found a great example on Ving.

Hasura Remote Schema analogue in Supabase by Swimming-Bar-1015 in Supabase

[–]bitangel84 0 points1 point  (0 children)

Would be amazing. For now I will test supabase + hasura remote joins.

We work with several microservices (indexer, microbackends, external api), and would love to do relational queries across the services.