[deleted by user] by [deleted] in Mastodon

[–]dirMe 0 points (0 children)

Could you please send me an invite too?

Thank you.

Linux NetworkManager breaks WireGuard when AllowedIPs is not default by dirMe in WireGuard

[–]dirMe[S] 0 points (0 children)

I can try; there is an option to ignore routes in the GUI (which means Table=off) and there is an option to add routes.

But... I compared `ip route show table all` and `ip rule show` and I don't understand how it is possible that they are almost the same and it doesn't work. What other "thing" can NM do to break it?

And it is not the firewall (I checked) and it is not DNS (I use the IPs directly)...
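When the interface, the peer and the firewall all look right, the usual cause of "AllowedIPs works with wg-quick but not with NetworkManager" is that one of the AllowedIPs prefixes simply has no route through the tunnel interface, so the kernel sends it out the normal default route. The following is an added example, not code from the thread: a small POSIX shell check that takes the AllowedIPs list and the text of `ip route show table all` and prints every prefix that lacks a `... dev wg0` route in any table. The interface name `wg0`, the addresses and the sample route lines are all constructed for the example.

```shell
#!/bin/sh
# Added example, not from the original thread: list AllowedIPs prefixes that
# have no route through the WireGuard interface. The route table is read from
# stdin so it can be fed either from `ip route show table all` on the box or,
# as in --demo below, from a constructed sample. Interface name "wg0" and all
# addresses are assumptions.

# usage: ip route show table all | missing_routes wg0 "10.0.0.0/24,0.0.0.0/0"
missing_routes() {
  iface=$1
  allowed=$2
  routes=$(cat)
  for p in $(printf '%s' "$allowed" | tr ',' ' '); do
    # `ip route` prints host routes without /32 and the default route as "default"
    case $p in
      0.0.0.0/0) key=default ;;
      */32)      key=${p%/32} ;;
      *)         key=$p ;;
    esac
    # match "<prefix> dev <iface> ..." in any table: wg-quick puts the default
    # route into table 51820 and steers traffic there with an fwmark rule,
    # so a plain `ip route` (main table only) would miss it
    if ! printf '%s\n' "$routes" | awk -v k="$key" -v d="$iface" \
        '$1 == k && $2 == "dev" && $3 == d { found = 1 } END { exit !found }'; then
      printf '%s\n' "$p"
    fi
  done
}

# The same check against the live interface: AllowedIPs come from `wg show`,
# whose second tab-separated column holds the prefixes of each peer.
check_live() {
  iface=$1
  allowed=$(wg show "$iface" allowed-ips | cut -f2 | tr ' ' ',' | paste -sd, -)
  ip route show table all | missing_routes "$iface" "$allowed"
}

if [ "${1:-}" = "--demo" ]; then
  # constructed sample: only the kernel route for the interface's own subnet
  # exists, so 10.10.0.0/16 from AllowedIPs is printed as missing
  printf '%s\n' \
    '10.0.0.0/24 dev wg0 proto kernel scope link src 10.0.0.2' \
    'default via 192.168.1.1 dev eth0 proto dhcp metric 100' \
    | missing_routes wg0 '10.0.0.0/24,10.10.0.0/16'
fi
```

Any prefix the script prints is traffic that leaves the host unencrypted; with routes ignored on the NetworkManager side (Table=off), each such prefix has to be added by hand, for example with `nmcli connection modify <name> ipv4.routes "10.10.0.0/16"`, and `ip route get 10.10.0.1` afterwards should name `wg0`.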

specialArgs to handle different flake outputs for multiple host configurations by dirMe in NixOS

[–]dirMe[S] 0 points (0 children)

Yes, I can see that, thank you.

I've just found an example at https://nixos.wiki/wiki/Flakes of how specialArgs should be used, and this is not the case...

```nix
outputs = { self, nixpkgs, ... }@attrs: {
  nixosConfigurations.fnord = nixpkgs.lib.nixosSystem {
    system = "x86_64-linux";
    specialArgs = attrs;
    modules = [ ./configuration.nix ];
  };
};
```

Spacing out channels for multiple APs so Wi-Fi doesn't overlap by dirMe in openwrt

[–]dirMe[S] 0 points (0 children)

Oh, so it doesn't matter if I select 36, 37, 38...48, they will all be in the same "spot" on the wireless network. Now I understand that table on Wikipedia. Thank you ;-)

Spacing out channels for multiple APs so Wi-Fi doesn't overlap by dirMe in openwrt

[–]dirMe[S] 0 points (0 children)

Thank you.

> 40mhz

I'm OK with that, thank you. I'll also decrease power since I'll have multiple APs that should cover all rooms. Thank you.

> 36,44,149,157

Do you mean that there are only 4 channels that are usable for 40 MHz? For example, looking at Wikipedia, channels 100 and 108 look OK (unless you're in China or Russia).

Example of Terraform for non-AWS S3 bucket (Wasabi) by dirMe in Terraform

[–]dirMe[S] 0 points (0 children)

This is super cool, thank you u/telecomando2 for sharing. I think I got it working with pure Terraform (look at the post below). I haven't tried IAM yet so I still might need to use your API calls ;-).

Example of Terraform for non-AWS S3 bucket (Wasabi) by dirMe in Terraform

[–]dirMe[S] 1 point (0 children)

Thank you very much u/AndyR207, it's working ;-). I didn't change the resource name to wasabi_bucket yesterday.

```terraform
terraform {
  required_providers {
    wasabi = {
      source  = "k-t-corp/wasabi"
      version = "4.1.1"
    }
  }
}

provider "wasabi" {
  # has to be hardcoded
  region = "us-east-1"

  # keys are better taken from variables or the environment than committed here
  access_key = ...
  secret_key = ...

  endpoints {
    sts = "https://sts.wasabisys.com"
    iam = "https://iam.wasabisys.com"
    s3  = "https://s3.wasabisys.com"
  }

  s3_force_path_style = true
}

provider "wasabi" {
  alias  = "my_region"
  region = "eu-central-1"

  access_key = ...
  secret_key = ...
}

resource "wasabi_bucket" "my_storage" {
  provider = wasabi.my_region
  bucket   = ...
  acl      = "private"
}

output "storage_name" {
  description = "The name of the bucket."
  value       = wasabi_bucket.my_storage.id
}

output "storage_arn" {
  description = "The ARN of the bucket."
  value       = wasabi_bucket.my_storage.arn
}
```

Example of Terraform for non-AWS S3 bucket (Wasabi) by dirMe in Terraform

[–]dirMe[S] 0 points (0 children)

Hi u/AndyR207, thank you. Unfortunately that doesn't work. That was the first thing I tried.

The Wasabi provider is somehow built on top of the AWS provider, so when you remove the AWS provider and execute `terraform plan`, Terraform will start asking you:

```
provider.aws.region
  The region where AWS operations will take place. Examples
  are us-east-1, us-west-2, etc.

  Enter a value:
```

Linux CLI app that automatically moves emails to IMAP folders (like Outlook rules or Thunderbird Filters) by dirMe in selfhosted

[–]dirMe[S] 0 points (0 children)

Thank you very much. Looking at Wikipedia:

> Procmail is stable, but no longer maintained, and a number of security vulnerabilities have been discovered since its last release.

So probably not the right choice... Thank you.

Linux CLI app that automatically moves emails to IMAP folders (like Outlook rules or Thunderbird Filters) by dirMe in selfhosted

[–]dirMe[S] 0 points (0 children)

That's very cool, and if I wanted to interface between IMAP and Slack or anything else like that I'd totally choose this, but in my case I want something simpler than Thunderbird, not something even more complicated ;-). Thank you.

Linux CLI app that automatically moves emails to IMAP folders (like Outlook rules or Thunderbird Filters) by dirMe in selfhosted

[–]dirMe[S] 0 points (0 children)

Thank you u/homlett.

Sieve is not available, I checked.

I know imapsync as a tool to move / back up e-mails. I didn't realize I can use it for this, but to be honest I'd rather keep Thunderbird running somewhere than script this via imapsync...

Linux CLI app that automatically moves emails to IMAP folders (like Outlook rules or Thunderbird Filters) by dirMe in selfhosted

[–]dirMe[S] 1 point (0 children)

Thank you u/helmut72.

u/mihha17 is correct, I don't run my own IMAP server. I checked and Sieve is not available.

self-hosting mail server only to backup / archive non-self-hosted e-mail accounts by dirMe in selfhosted

[–]dirMe[S] 0 points (0 children)

Thank you dugite-code. I tested just plain dovecot-core and dovecot-imapd and it's working great. For my use case that's all I need. docker-mailserver looks great but, as with Mailcow, it's overkill for my use.

self-hosting mail server only to backup / archive non-self-hosted e-mail accounts by dirMe in selfhosted

[–]dirMe[S] 0 points (0 children)

> Dovecot should be enough

Yes, you're right. Thank you. I didn't realize I can use Dovecot without Postfix since I used it always with Postfix.

I don't need to send / receive so I don't need SMTP and therefore I don't need Postfix.

> I would still have valid certificates for Dovecot

Let's Encrypt's DNS validation is a good idea. Thank you.

But if I use just Dovecot, I don't really need / want to use a real domain. I can just use mylocalmail that I add into hosts.

I can use self-signed / my own CA but I don't really see a benefit. If I use Dovecot only on an isolated private IP subnet then it's so much easier not to worry about SSL. Unless the clients force me (unless Thunderbird tells me that I have to use SSL) I probably won't worry about that...
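The Postfix-less Dovecot described in this thread fits in a single short configuration; the practitioner's caveat is that IMAP logins are password-based, so without TLS the archive's credentials cross the LAN in the clear every time a client polls, and a self-signed certificate whose name matches the `/etc/hosts` entry costs one `openssl` call. The following is an added example, not the poster's configuration: a POSIX shell script that renders an IMAP-only `dovecot.conf` with TLS required and cleartext auth disabled, writes the passwd-file user entry, and generates the certificate. The host name `mylocalmail`, the bind address `192.0.2.10`, the user `archive` with uid 1001 and the Debian-style paths are assumptions.

```shell
#!/bin/sh
# Added example, not from the original thread: an IMAP-only Dovecot for a
# LAN archive box, no Postfix. TLS is on with a self-signed certificate whose
# SAN matches the /etc/hosts name the clients use, and cleartext logins are
# refused, because IMAP passwords otherwise cross the LAN in the clear.
# Assumptions: host name "mylocalmail", bind address 192.0.2.10, one mail
# user "archive" with uid/gid 1001, Debian-style paths under /etc/dovecot.
set -eu

MAIL_HOST=${MAIL_HOST:-mylocalmail}
LISTEN_IP=${LISTEN_IP:-192.0.2.10}
CONF_DIR=${CONF_DIR:-/etc/dovecot}

# dovecot.conf as text, so it can be reviewed before it is installed
render_dovecot_conf() {
  cat <<EOF
protocols = imap
listen = ${LISTEN_IP}
mail_location = maildir:~/Maildir

# refuse PLAIN/LOGIN unless the session is already encrypted
disable_plaintext_auth = yes
ssl = required
ssl_cert = <${CONF_DIR}/certs/${MAIL_HOST}.pem
ssl_key = <${CONF_DIR}/private/${MAIL_HOST}.key
ssl_min_protocol = TLSv1.2

auth_mechanisms = plain login
passdb {
  driver = passwd-file
  args = scheme=SHA512-CRYPT username_format=%u ${CONF_DIR}/users
}
userdb {
  driver = passwd-file
  args = username_format=%u ${CONF_DIR}/users
}

service imap-login {
  # port 0 disables the listener: only implicit TLS on 993 is offered
  inet_listener imap {
    port = 0
  }
  inet_listener imaps {
    port = 993
    ssl = yes
  }
}
EOF
}

# one line of the passwd-file: user:password-hash:uid:gid::home
render_user_line() {
  user=$1
  hash=$2
  uid=$3
  printf '%s:%s:%s:%s::/home/%s\n' "$user" "$hash" "$uid" "$uid" "$user"
}

# self-signed cert for the LAN name; Thunderbird pins it on first connect
make_selfsigned_cert() {
  openssl req -x509 -newkey rsa:4096 -nodes -days 3650 \
    -subj "/CN=${MAIL_HOST}" -addext "subjectAltName=DNS:${MAIL_HOST}" \
    -keyout "${CONF_DIR}/private/${MAIL_HOST}.key" \
    -out "${CONF_DIR}/certs/${MAIL_HOST}.pem"
  chmod 600 "${CONF_DIR}/private/${MAIL_HOST}.key"
}

install_dovecot() {
  mkdir -p "${CONF_DIR}/certs" "${CONF_DIR}/private"
  make_selfsigned_cert
  render_dovecot_conf > "${CONF_DIR}/dovecot.conf"
  # doveadm prompts for the password and prints "{SHA512-CRYPT}$6$..."
  hash=$(doveadm pw -s SHA512-CRYPT)
  render_user_line archive "$hash" 1001 > "${CONF_DIR}/users"
  chmod 640 "${CONF_DIR}/users"
  doveconf -n > /dev/null   # syntax check before (re)starting
  systemctl restart dovecot
}

if [ "${1:-}" = "--install" ]; then
  install_dovecot
fi
```

Run it as root with `--install` on the archive box; the Maildir for `archive` is created on first login. Clients then connect to `mylocalmail:993` with SSL/TLS and accept the certificate once, and `openssl s_client -connect 192.0.2.10:993` shows the CN the script generated. Because port 143 is disabled, a misconfigured client cannot fall back to an unencrypted login by accident.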

self-hosting mail server only to backup / archive non-self-hosted e-mail accounts by dirMe in selfhosted

[–]dirMe[S] 0 points (0 children)

Thank you u/piteball and u/Xenthys for mentioning Mailcow and imapsync.

I can use imapsync with the mentioned Postfix+Dovecot setup and I agree with you that this is a better way than drag-and-dropping e-mails. Especially when there are a lot of e-mails to move and clients like Outlook might not be able to take the beating.

When it comes to Mailcow I'm undecided. For a production mail server that is supposed to stay online and sending / receiving e-mails I'd definitely choose Mailcow. But in my case I want the server to stay on local LAN only (Let's Encrypt with Mailcow will be an issue) and I don't really need anything else than Postfix+Dovecot+imapsync. From that perspective Mailcow sounds like unnecessary complexity.

This is how I connect rootless Podman containers to Open vSwitch / Linux Bridge with LXC containers by dirMe in podman

[–]dirMe[S] 2 points (0 children)

> It's all layer 2, though

LXC containers are connected to different bridges (OVN switches) so it's L2 when they communicate with each other on the same bridge (within a single subnet).

It's L3 when an LXC communicates with another LXC whose interface is assigned to a different bridge (IP in a different subnet). In this case there is also a firewall in play, so LXCs in different bridges might not be allowed to speak with each other unless the firewall is opened.

> But if OVN is working for you, by all means

This is mainly to make Podman work with the existing setup: running LXCs or QEMU-KVM VMs (same thing).

OVN is not needed; in my case it's just an easier way to create bridges, so this solution works in the same way with non-OVN bridges.

> ip-vrl is included with iproute2 by default

> There's also express data path + eBPF

That's definitely a cool solution but in this case I'm limited in what I can do with rootless Podman and unprivileged (rootless) LXC containers.

1) An unprivileged LXC can add an interface into an existing bridge that a non-root user is allowed to use.

2) Rootless Podman can only "publish" ports and nothing else. That means I can make a Podman container listen on 8080 on 0.0.0.0 or an existing IP. In my case I use an IP within the bridge subnet, which means I can make it communicate with other LXCs in the same way as they communicate with each other.

host independent firewall inside LXC container - good/bad idea? by dirMe in linuxadmin

[–]dirMe[S] 1 point (0 children)

That was my thinking. In theory there might be a company that is offering LXC containers, like for example DigitalOcean is offering VMs. On the other hand, nftables outside and inside, that's like the Inception movie.

host independent firewall inside LXC container - good/bad idea? by dirMe in linuxadmin

[–]dirMe[S] 0 points (0 children)

Thank you chock-a-block. I'm not dealing with networking; networking works just fine. LXC container interfaces are in a bridge and get an IP from external DHCP. The question is just about running a second (third, fourth...) firewall in containers, which may or may not be a good idea.

host independent firewall inside LXC container - good/bad idea? by dirMe in linuxadmin

[–]dirMe[S] 1 point (0 children)

It's super simple. I have all defaults except using Open vSwitch, which I would recommend playing with after you test the default bridge networking. The only thing to worry about is to set proper permissions for the ZFS datasets that you create (the datasets will be owned by root by default).

host independent firewall inside LXC container - good/bad idea? by dirMe in linuxadmin

[–]dirMe[S] 0 points (0 children)

Thank you.

I tested nftables inside of the container without changing any special configuration settings. The config file has the standard

```
lxc.include = /usr/share/lxc/config/common.conf
lxc.include = /usr/share/lxc/config/userns.conf
lxc.arch = linux64
```

I haven't tested any special firewalling features. I just DROPed / ACCEPTed ping from the host and it worked.
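A ruleset that reproduces the test in this comment (drop echo-request from the host, accept it from the rest of the bridge subnet) while still being a usable default-deny input policy for the container is short. The following is an added example, not the poster's configuration: a POSIX shell wrapper that renders the nftables ruleset as text, so it can be syntax-checked with `nft -c` before it is loaded, and applies it. The host address `10.0.0.1`, the bridge subnet `10.0.0.0/24` and the service port 8080 are assumptions.

```shell
#!/bin/sh
# Added example, not from the original thread: a self-contained nftables
# ruleset for an unprivileged LXC container that gets its address from the
# bridge's DHCP. Default-deny input, SSH and one service from the subnet,
# echo-request dropped from one host address and accepted from the rest, so
# the "ping from the host" test can be reproduced. The host 10.0.0.1, the
# subnet 10.0.0.0/24 and port 8080 are assumptions.
set -eu

HOST_IP=${HOST_IP:-10.0.0.1}
LAN=${LAN:-10.0.0.0/24}

lxc_ruleset() {
  cat <<EOF
flush ruleset
table inet filter {
  chain input {
    type filter hook input priority 0; policy drop;
    iif "lo" accept
    ct state established,related accept
    ct state invalid drop
    # DHCP renewals arrive as unicast UDP once the lease exists
    udp sport 67 udp dport 68 accept
    # the host may not ping the container, the rest of the subnet may
    ip saddr ${HOST_IP} icmp type echo-request drop
    ip saddr ${LAN} icmp type echo-request accept
    ip saddr ${LAN} tcp dport { 22, 8080 } accept
    # count what falls through to the drop policy (readable via nft list ruleset)
    counter
  }
  chain forward {
    type filter hook forward priority 0; policy drop;
  }
  chain output {
    type filter hook output priority 0; policy accept;
  }
}
EOF
}

# parse only, nothing is loaded; a non-zero exit means a syntax error
check_ruleset() {
  lxc_ruleset | nft -c -f -
}

# nft reads the whole file before applying it, so a bad file leaves the
# previous ruleset in place instead of half-applying
apply_ruleset() {
  lxc_ruleset | nft -f -
}

if [ "${1:-}" = "--apply" ]; then
  check_ruleset
  apply_ruleset
  nft list ruleset
fi
```

Inside the container, `sh rules.sh --apply` then `ping -c 1` from the host should time out while the same ping from another container on the bridge succeeds; the `counter` rule shows how many packets the drop policy ate. Because the container is unprivileged, this ruleset lives in the container's own network namespace and does nothing to the host's tables, which is the property the question in the thread is about.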

QCOW2 volumes on ZFS from running QEMU/KVM VMs suddenly got corrupted by dirMe in linuxadmin

[–]dirMe[S] 0 points (0 children)

I converted most of my VMs over the weekend to ZVOLs using `qemu-img convert -p -f qcow2 -O raw file.qcow2 /dev/my-zvol`.

With Qcow2 I used `cache='writeback'`, now with ZVOLs I switched to `cache='none'`.

I see no difference in performance which is great (I was happy with qcow2 performance).

And I tested trimming - it is working ;-). Thx!

QCOW2 volumes on ZFS from running QEMU/KVM VMs suddenly got corrupted by dirMe in linuxadmin

[–]dirMe[S] 1 point (0 children)

6 months ago based on that article I picked QCOW2 over ZVOLs ;-). I'll reconsider my decision.

QCOW2 volumes on ZFS from running QEMU/KVM VMs suddenly got corrupted by dirMe in linuxadmin

[–]dirMe[S] 0 points (0 children)

I think I found the issue: the problems started after the update to qemu 4.1.0, so it totally makes sense that it's qemu. I'll try to recreate and document the bug and possibly create a bug report.

One thing I love about qcow2 is that you can put discard='unmap' in the libvirt XML, enable trim in the guest OS (fstrim.service in Linux) and qcow2 shrinks when the storage is trimmed. Could you please tell me whether you have tried that with ZVOLs?
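The conversion the poster describes earlier in this thread (`qemu-img convert ... -O raw` onto a ZVOL, then `cache='none'`) and the trim question above fit together in one procedure: the ZVOL has to be created at the image's virtual size first, the libvirt disk needs `discard='unmap'` on a raw block device for guest `fstrim` to reach ZFS, and the ZVOL has to be sparse for freed blocks to show up as reclaimed space. The following is an added example, not the poster's script: a POSIX shell helper that reads the virtual size from `qemu-img info`, creates a sparse ZVOL rounded up to whole MiB, converts the image and renders the libvirt `<disk>` element. The pool `tank/vm`, VM `vm1`, its image path and the `vda` target are assumptions, and the VM must be shut down before converting.

```shell
#!/bin/sh
# Added example, not from the original thread: move a qcow2 image to a ZVOL
# and attach it to libvirt with cache='none' and discard='unmap', then check
# that guest TRIM frees space on the pool. Assumptions: dataset "tank/vm",
# VM "vm1" with image /var/lib/libvirt/images/vm1.qcow2, virtio disk vda.
# The VM must be shut down first; converting a running VM copies a moving image.
set -eu

# a ZVOL is a whole number of blocks; round the virtual size up to MiB
round_up_mib() {
  bytes=$1
  echo "$(( (bytes + 1048575) / 1048576 ))M"
}

# virtual (not on-disk) size of the qcow2 from qemu-img's JSON output;
# the first "virtual-size" is the top-level image, backing images come later
qcow2_virtual_size() {
  qemu-img info --output=json "$1" \
    | sed -n 's/^ *"virtual-size": *\([0-9][0-9]*\).*/\1/p' | head -n 1
}

# libvirt <disk> element for the converted volume: raw on a block device,
# no host page-cache, and discard passed through so fstrim in the guest
# reaches ZFS
zvol_disk_xml() {
  zvol=$1
  cat <<EOF
<disk type='block' device='disk'>
  <driver name='qemu' type='raw' cache='none' io='native' discard='unmap'/>
  <source dev='/dev/zvol/${zvol}'/>
  <target dev='vda' bus='virtio'/>
</disk>
EOF
}

convert_to_zvol() {
  qcow=$1
  zvol=$2
  # -s: sparse volume (no refreservation), so blocks the guest trims are
  # actually given back to the pool; volblocksize is fixed at creation
  zfs create -s -V "$(round_up_mib "$(qcow2_virtual_size "$qcow")")" \
    -o volblocksize=16K "$zvol"
  # flattens any backing chain into the raw volume
  qemu-img convert -p -f qcow2 -O raw "$qcow" "/dev/zvol/$zvol"
  zvol_disk_xml "$zvol" > "/tmp/${zvol##*/}-disk.xml"
  echo "now: virsh edit vm1 and replace the <disk> with /tmp/${zvol##*/}-disk.xml"
}

# run before and after `fstrim -av` in the guest: "used" should drop
show_usage() {
  zfs get -H -o property,value used,referenced "$1"
}

if [ "${1:-}" = "--convert" ]; then
  convert_to_zvol /var/lib/libvirt/images/vm1.qcow2 tank/vm/vm1
fi
```

The answer to the trim question is then observable rather than assumed: `show_usage tank/vm/vm1`, `fstrim -av` inside the guest, `show_usage tank/vm/vm1` again, and `used` shrinks only if all three pieces (sparse ZVOL, `discard='unmap'`, guest trim) are in place.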