I have been looking around for a good VPN solution to use while traveling recently. I have a few services running at home, that I really don’t want on the internet (OctoPrint, general ssh access etc), but I want to use remotely. I also want a way to secure my connection when I don’t trust the network I’m connecting through.
I had previously set up a L2TP Remote user VPN in the UniFi controller, but it had a few issues.
- Instability on android (the VPN wouldn’t even show as ‘disconnected’, it would simply stop)
- Issues when connecting to it from ipv6 cell carriers
I had heard of Wireguard a while ago and have been keeping track of development and their status on integrating with the Linux kernel. It turns out some kind soul has created a deb package to install WireGuard on Vyatta (which is what the USG is based on).
Continue reading “WireGuard on Unifi USG”
One of the first application stacks I went to install and setup on my new Raspberry Pi docker cluster was Inspircd/qwebirc/anope. This stack was running originally on a raspberry pi 1b (256MB RAM version). I wanted to move this off the pi1 since it was out of date and would need a complete reinstall to be back to full patch status. However shortly after getting it running in my swarm, I ran into issues.
The IRC server would restart every few hours, sometimes it would restart every 10 minutes or so. I deemed that as unacceptable on my basic setup even for just using it in development of IRC bots.
Continue reading “Disabling the Aggressive Inspircd Health Check”
I wanted a simple but useful project as my first bit of home automation after getting some CloudFree smart plugs. We have fairy (christmas) lights on our banisters going upstairs that we plug in whenever we want to use them, so why not set them up on the smart plugs and setup an automation to turn them on at night, and turn them off around when we should be going to bed. This seemed like a simple enough project for a first shot at it, and something that we would use.
Continue reading “Automated Stairway Night Lights”
- Stairway lights turn on before sundown
- Stairway lights turn off around bedtime on weekdays
- Stairway lights turn off slightly later on weekends
I’ve wanted to mess about with the whole home automation craze that seems to be going on, but on a fully self-hosted installation (no alexa, no google assistant, my data staying all on my network). After the SelfHosted Podcast mentioned the CloudFree smart plugs, I knew they were the right gear to try out. The smart plugs come from CloudFree which has the plugs pre-flashed with Tasmota.
The quick start guide worked perfectly for the initial setup and getting the smart plugs on my WiFi network. I’ll have that guide below (in case its lost) and continue on with my own instructions for connecting to Home Assistant via MQTT afterwards.
Continue reading “CloudFree Tasmota Smart Plug Setup”
Adding an account to use in authenticating against the LDAP directory is a simple enough. The process is done all within the LDAP directory GUI from the Domain menu option in UCS. Navigate to the “user” container, and select the add button. Select the type of the account to be a “Simple Authentication Account”, pick a username and password and click add.
- Domain -> LDAP Directory
- User Container, Add
- Type: Simple Authentication Account
- Username: my-new-auth-account
- Click Add
This user account can now be used in a service to authenticate against the LDAP server.
Continue reading “Adding UCS Authentication Account”
I encountered some issues when connecting Anope and Inspircd on the docker swarm. When running them on a single node using docker-compose, the services were able to connect just fine to Inspircd, however running in a docker swarm, there were issues in how Inspircd was filtering IPs in the default services XML block.
In order for Inspircd and Anope to talk I had to comment out some of the link block for the services. The allowmask and expected IP address didn’t quite work as intended inside the docker swarm cluster. Since the containers use a local network available to only them, I’m not worried about a rogue services server getting in. This IRC server is also primarily used for developing and testing the IRC bots I have written over the years, so its not a core part of my infrastructure. Below shows the link block that I modified from the default included in the inspircd docker container setup.
Continue reading “Connecting Inspircd and Anope on Docker-Swarm”
Back when I setup my webserver to run wordpress and dokuwiki, all the guides that I found and the guides that I followed had apache get setup with mod_php. However, after seeing this ArsTechnica WordPress Writeup, I realized that this might not have been the best way to get things going. I decided that this would be a good time to upgrade some of my webserver, so I started working on it, while my server was already setup, and the guide was on setting up a new server, the process is nearly identical, the only differences is that I had to disable/enable modules in a certain order for everything to work.
Continue reading “Apache/PHP Update”
After setting up Jenkins to auto build and deploy my IRC bots, I decided to add the next component of a CI/CD stack, automated testing. This was to use ant to run the tests, and JUnit for the testing framework for the application. I’ll be setting this up in both of my Jenkins projects, I have one that just builds my applications, and a second that builds the docker containers and pushes them to the repository.
My Jenkins setup includes 2 builds for each of my projects:
- Java Build
- Builds the java application
- This is just a general Jenkins project that uses ant to build
- Docker Build
- Builds the docker container, tags it, and pushes it to my local docker repository
- This uses Jenkins pipelines to perform the build, tag, push
The docker build pushes my production code and is used by my docker-swarm to update my locally built containers. This is the important build. The general java build is just me experimenting with Jenkins builds following the non-pipeline route.
Continue reading “Automated Testing in Jenkins”
After my initial jenkins setup, I thought my system would be good to go for a long time, however I encountered a problem with permissions after my docker cluster reboot. After all my nodes were back up, and jenkins was running, it could no longer access the docker.sock that it used to handle building and pushing containers. I tried a few things, rebuilding the container, updating it, changing some groups, and found quite a few threads on the topic. Some people had chmod’d the docker.sock to 777 (BAD) or had given jenkins root (ALSO BAD). I ended up finding the solution in using a specific entrypoint script that would determine the group to add to the jenkins user, then launch jenkins using the jenkins user from root.
Most of my additions are from sudo-bmitch’s jenkins-docker repository on GitHub. These include the dockerfile changes and the entrypoint.sh script (as well as the healthcheck mentioned later on).
Continue reading “Jenkins Docker Revisit”
Due to unforeseen events, I ended up having to shutdown all of my servers. Due to this, my docker VM cluster ended up getting its first chance to reboot the entire stack of all nodes. This ended up showing some problems in my configuration sadly, as well as a docker issue I had previously encountered in my raspberry pi cluster.
Continue reading “Docker Cluster Reboot”