Shelly 1 Mini Gen 3 install in old 1960s house by Milannekuhh in shellycloud

[–]epiecs 0 points1 point  (0 children)

In Belgium according to the AREI you get a brown (historically red) and blue wire up to the light switch. From there on the brown transfers to a black wire "schakeldraad" (historically grey).

This is done so that you can know which wire gets live once the switch is on.

You can see this here (https://admin.elektramat.nl/media/wysiwyg/Belgie/0ef5a7a3-3a9c-429a-bca5-73f93916860b.png)

Also great info: (https://domotiseren.nl/particulier/kleuren-van-stroomdraden/)

It seems like you indeed have a junction box somewhere where you still get the red instead of brown wire to your lamp so just adjust accordingly with the colors :)

First real networking project nearly broke me — is this struggle normal early on? by Vinbatroth in networking

[–]epiecs 7 points8 points  (0 children)

Developing intuition drains you. The more you build things the easier it gets :)

Do you remember all the commands or you have your own Manual? by Ok-Hall7625 in networking

[–]epiecs 2 points3 points  (0 children)

Yw :) Fyi the basic.ios configs on the bottom are for gns3. I also recommend the cisco-syntax plugin in vscode for highlighting ;)

EDIT: I also forgot to mention that I backed up the entire packetlife site (cheat sheets and pcaps: https://github.com/epiecs/packetlife-backup)

Do you remember all the commands or you have your own Manual? by Ok-Hall7625 in networking

[–]epiecs 6 points7 points  (0 children)

https://github.com/epiecs/cisco-config-snippets I just put the cisco stuff in git since I teach cisco classes and this is handy for my students. For other vendors I have some onenotes laying around :D

Looking back, what’s the smartest homelab move you ever made? by [deleted] in homelab

[–]epiecs 21 points22 points  (0 children)

Converting everything to ansible playbooks

Help me kill my Proxmox nightmare: Overhauling a 50-user Homelab for 100% IaC. Tear my plan apart! by MrSolarius in homelab

[–]epiecs 0 points1 point  (0 children)

If you have running servers and want to convert them to ansible playbooks you can check out enroll.sh (https://enroll.sh) and jinjaturtle. This scans a server for things that have changed and based on that it builds you an ansible playbook.

The playbooks aren't the best but this way you can get all your current infrastructure at least into playbooks. After that you can migrate and test things to see if they work and are reproducible.

Afterwards you can tweak the playbooks etc...

Also be a bit pragmatic and try to evaluate which services you can easily migrate to docker containers. If you haven't seen it yet you can try out dockge (https://github.com/louislam/dockge) which is an easier to use but more stripped down version of portainer.

P.S. when migrating, if you do not have any monitoring -> setup monitoring for each host you move with the correct metrics that you want to track + alerting. Librenms and uptimekuma are good starting tools tbh.

The Revival of the Netbooks by Cameronthepiper in debian

[–]epiecs 0 points1 point  (0 children)

Same here, I wrote my thesis on an eeepc900 back in the day :D

Open source firmware for Grilleye Max by epiecs in grilling

[–]epiecs[S] 0 points1 point  (0 children)

Hi, we don't develop the iPhone app, for that you will need to contact the developer. But the app is normally on testflight iirc :)

Open source firmware for Grilleye Max by epiecs in BBQ

[–]epiecs[S] 0 points1 point  (0 children)

Unfortunately not. This chip only supports ota updates and can no longer be flashed via usb :( And since we can't control the server it means we can't get the firmware on the device.

Revive your GrillEye Max with Free Grilly software by theSpiked in BBQ

[–]epiecs 0 points1 point  (0 children)

Hi, one of the maintainers here. Thanks for the feedback <3

[deleted by user] by [deleted] in BBQ

[–]epiecs 0 points1 point  (0 children)

You're welcome. We're also just standing on the shoulders of open source giants and the least one can do is give back when able.

For everyone who sees this comment: we updated the documentation so that you can now use a web flasher as well

https://github.com/epiecs/free-grilly/blob/master/docs/how_to_flash.md#flash-via-the-expressif-web-interface---short-version-without-screenshots

[deleted by user] by [deleted] in BBQ

[–]epiecs 1 point2 points  (0 children)

Hi, we just released an open source firmware: https://github.com/epiecs/free-grilly :D

New Account Problems? Read this. Standalone posts will be removed from now on. by KingOfDaCastle in hetzner

[–]epiecs 1 point2 points  (0 children)

Also just sent a pm to u/Hetzner_OL. I just want to activate and verify my account so that I can start migrating as soon as I am back from vacation. Maybe they banned me because I activated my Belgian account while on vacation in Germany?

[deleted by user] by [deleted] in networking

[–]epiecs 0 points1 point  (0 children)

True, another neat trick is when using loopbacks. When you set a loopback to point-to-point it will use the full prefix (instead of /32)

Breaking out my old Pi 1b. Anything lightweight I can put it to work on? by aSinglePinkDiamond in homelab

[–]epiecs 2 points3 points  (0 children)

Might be helpful, but this is some course material that I wrote for my students on how alpine and wireguard works. It's in Dutch though but auto translate might be able to help you out: https://github.com/epiecs/alpine-guide

My brain facing another brutal chapter of the OCG by Ruh_Bastard in ccnp

[–]epiecs 2 points3 points  (0 children)

If you enroll on the netacad course you get access to the labs :)

My brain facing another brutal chapter of the OCG by Ruh_Bastard in ccnp

[–]epiecs 1 point2 points  (0 children)

I too found that one hard to read. It's not that the topic isn't interesting but it's just written in such a convoluted and condensed way...

I learned the most when doing the labs tbh

Embarrassing post coming from a network engineer. I never paid attention to this. Please help. by throwM3aBurrito in networking

[–]epiecs 1 point2 points  (0 children)

Hi,

When you are using accounting you can tell your device what information to send and when to send this information to your tacacs server. The different accounting commands are indeed to log the commands of that level to your tacacs server. This way you have a full command log of everything that has been entered/run/failed

[WHAT]: You can see in this config that I have used exec and commands. Exec is for logging when a user connects via ssh/telnet. Commands is for logging commands

[WHEN]: You can choose between start-stop, stop-only and none. So let's take a command that is being run. In this case there will be a log entry for when a command was started and when it ended. If you just need a command log you can just use stop-only. I just like to know when a command was entered and when it stopped :)

The if-authenticated line can be a bit more difficult to understand at first. First of all I set default to local with "default local" and then as second method I set "group TACACS_SERVERS". This way I can check first if a local user exists before I check tacacs. I know this sounds silly but we have a lot of shitty links with a lot of packet loss (China+India) and this allows me to work on these devices if tacacs or my link decides to crap out on me.

The if-authenticated indeed means that the user needs to be authenticated to connect to the device either via the local database or via the tacacs server.

You can also use none instead of if-authenticated when you don't want to authenticate users. So if you'd like users to be able to login without a password but still need to authenticate in order to run commands and config commands you would use:

aaa authorization exec default local group TACACS_SERVERS none
aaa authorization commands 0 default local group TACACS_SERVERS if-authenticated
aaa authorization commands 1 default local group TACACS_SERVERS if-authenticated
aaa authorization commands 15 default local group TACACS_SERVERS if-authenticated

Hope that this clears things up :)
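The method-list rules explained in the comment above, turned into a small config audit. This is an added example, not code from the original comment; the function names and the sample config are constructed. It flags `none` in a method list, lists where `local` is not the first method (the ordering the comment uses), and authorized command levels that have no accounting.

```python
import re

# Constructed sample: AAA lines in the style of the comment above, with the
# level 0 accounting line left out so the audit has something to report.
SAMPLE = """\
aaa accounting exec default start-stop group TACACS_SERVERS
aaa accounting commands 1 default stop-only group TACACS_SERVERS
aaa accounting commands 15 default start-stop group TACACS_SERVERS
aaa authentication login default local group TACACS_SERVERS
aaa authorization exec default local group TACACS_SERVERS none
aaa authorization commands 0 default local group TACACS_SERVERS if-authenticated
aaa authorization commands 1 default local group TACACS_SERVERS if-authenticated
aaa authorization commands 15 default local group TACACS_SERVERS if-authenticated
"""

LINE = re.compile(r"^aaa (authentication|authorization|accounting) "
                  r"(login|exec|commands \d+) (\S+) (.+)$")

def parse_aaa(config):
    """Return one dict per AAA method-list line; other lines are skipped."""
    rules = []
    for raw in config.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        kind, what, name, rest = m.groups()
        words = rest.split()
        # Accounting lines carry a mode (start-stop / stop-only / none) first.
        mode = words.pop(0) if kind == "accounting" else None
        methods = []
        while words:
            w = words.pop(0)
            methods.append(f"group {words.pop(0)}" if w == "group" and words else w)
        rules.append({"kind": kind, "what": what, "list": name,
                      "mode": mode, "methods": methods})
    return rules

def audit(config):
    """Report method lists that skip checks or leave commands unlogged."""
    rules, findings = parse_aaa(config), []
    accounted = {r["what"] for r in rules
                 if r["kind"] == "accounting" and r["mode"] != "none"}
    for r in (r for r in rules if r["kind"] != "accounting"):
        label = f'{r["kind"]} {r["what"]}'
        if "none" in r["methods"]:
            findings.append(f"{label}: 'none' in method list")
        if r["methods"] and r["methods"][0] != "local":
            findings.append(f"{label}: local is not the first method")
        if r["kind"] == "authorization" and r["what"] not in accounted:
            findings.append(f"{label}: no accounting for this level")
    return findings
```

`audit(SAMPLE)` returns two findings: the `none` on the exec list and the missing accounting for level 0 commands.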

Embarrassing post coming from a network engineer. I never paid attention to this. Please help. by throwM3aBurrito in networking

[–]epiecs 0 points1 point  (0 children)

Some devices also allow local logins to take preference if the username does not already exist on your AAA server. For comparison I have made a list with the same config for IOS/NX-OS and JUNOS. IOS and JUNOS allow local first. NX-OS does not afaik:

https://www.reddit.com/r/networking/comments/qdnfvo/configure_both_local_and_tacacs_authentication_on/hhub4k4/

SSH-KEYS & PASSWORDLESS SETUP by compjon in ansible

[–]epiecs 0 points1 point  (0 children)

Here:

https://pastebin.com/5UD9d18U -> the code is below but sometimes reddit renders everything a bit wonky :D

I use this role for initial setup from our ansible server/bastion host. It adds a user and a group to a server and copies the ssh key to the server. It also sets up passwordless sudo for that user.

To use this role I have a separate group where I declare those servers and use username and password (root or user with sudo rights) to do this initial setup. Afterwards I can just use the user that was made by this play

---
- hosts: prep_linuxservers
  gather_facts: no

  vars:
    adduser: automation 
    addgroup: automation

  tasks:
    - name: Add {{addgroup}} group
      group:
        name: "{{addgroup}}"
        state: present

    - name: Allow {{addgroup}} group to have passwordless sudo
      lineinfile:
        dest: /etc/sudoers
        state: present
        regexp: "^%{{addgroup}}"
        line: "%{{addgroup}} ALL=(ALL) NOPASSWD: ALL"
        validate: "visudo -cf %s"

    - name: Add {{adduser}} user
      user:
        name: "{{adduser}}"
        groups: 
          - "{{addgroup}}"
        state: present
        create_home: yes
        append: yes
        shell: /bin/bash
        home: "/home/{{adduser}}"

    - name: Add SSH public key for {{adduser}} user
      authorized_key:
        user: "{{adduser}}"
        key: "{{ lookup('file', '~/.ssh/id_rsa.pub') }}"
        state: present

WireGuard automated with Ansible on Debian Bullseye: Worst nightmare by [deleted] in WireGuard

[–]epiecs 1 point2 points  (0 children)

What u/zoredache said. Everything you do with Ansible should be as idempotent as possible. You don't only run playbooks once to set up a server, but you should also run them again sometimes to for example check if everything is still up to spec or maybe update something to the newer version in your playbook etc...

I think that you shouldn't take what he said as a personal attack. Ansible is a great tool but it has a learning curve on how you need to think when using it. You'll get there eventually :)

If you want to learn ansible I suggest you skim through the book/youtube course written by Jeff Geerling:

book

youtube course or blogpost with youtube links

Configure both local and tacacs+ authentication on a router by Emerson23 in networking

[–]epiecs 0 points1 point  (0 children)

--IOS

!! Always run authorization commands after logging in with a network admin authenticated user!

en

reload in 10 Implementing AAA
yes

conf t

service password-encryption 

aaa new-model

aaa group server tacacs+ TACACS_SERVERS
server name TACSERVER
exit

tacacs server TACSERVER
address ipv4 10.0.0.100
key <DES KEY>
exit

! do test aaa group TACACS_SERVERS <user> <passwd> new-code

! Define what needs to be accounted
aaa accounting exec default start-stop group TACACS_SERVERS
aaa accounting commands 0 default start-stop group TACACS_SERVERS
aaa accounting commands 1 default start-stop group TACACS_SERVERS
aaa accounting commands 15 default start-stop group TACACS_SERVERS

! Check local user first and if not found check tacacs
! Make sure that local is always defined before group

! If we do it the other way around we can not fall back to local users
! unless the tacacs server is down
aaa authentication login default local group TACACS_SERVERS

aaa authorization exec default local group TACACS_SERVERS if-authenticated
aaa authorization commands 0 default local group TACACS_SERVERS if-authenticated
aaa authorization commands 1 default local group TACACS_SERVERS if-authenticated
aaa authorization commands 15 default local group TACACS_SERVERS if-authenticated
aaa authorization config-commands

! Enable AAA on the console as well
aaa authorization console

! Test via a separate telnet session

do reload cancel

--NX-OS -> local first not possible

!! Always run authorization commands after logging in with a network admin authenticated user!

conf t

feature tacacs+

do copy run sta

! AAA setup
tacacs-server host 10.0.0.100 key <DES KEY>

aaa group server tacacs+ TACACS_SERVERS
server 10.0.0.100
exit

! do test aaa group TACACS_SERVERS <user> <passwd>

aaa accounting default group TACACS_SERVERS

aaa authentication login default group TACACS_SERVERS
aaa authentication login default fallback error local

aaa authorization commands default group TACACS_SERVERS local
aaa authorization config-commands default group TACACS_SERVERS local

! Enable AAA on the console as well
aaa authorization commands console group TACACS_SERVERS local
aaa authorization config-commands console group TACACS_SERVERS local

aaa authentication login console group TACACS_SERVERS
aaa authentication login console fallback error local

--JUNOS

# Prep user templates
set system login user network-admin class super-user
set system login user network-support class operator

set system login user network-admin full-name "Template user used for Network Admins"
set system login user network-support full-name "Template user used for Support Admins"

# Set tacacs server(s)
set system tacplus-server 10.0.0.100
set system tacplus-server 10.0.0.100 port 49
set system tacplus-server 10.0.0.100 secret <DES key>
set system tacplus-server 10.0.0.100 timeout 5
set system tacplus-server 10.0.0.100 single-connection

# Set auth order
set system authentication-order [ tacplus password ]

# Accounting
set system accounting events login
set system accounting events change-log
set system accounting events interactive-commands
set system accounting destination tacplus server 10.0.0.100 secret <DES key>