Vectops https://vectops.com Stuff that just works Mon, 21 Feb 2022 09:53:53 +0000 en-US hourly 1 https://wordpress.org/?v=5.9.3 https://vectops.com/wp-content/uploads/2019/12/cropped-9684_Vectops_logo_MR_03-scaled-2-150x150.png Vectops https://vectops.com 32 32 Deploy PiHole in your NAS via Docker https://vectops.com/2022/02/deploy-pihole-in-your-nas-via-docker/ https://vectops.com/2022/02/deploy-pihole-in-your-nas-via-docker/#respond Sun, 20 Feb 2022 08:00:52 +0000 https://vectops.com/?p=1949 If you read our post about compiling your own binaries for WD MyCloud OS5 where we explained how to install and use packages like Docker, you may want to deploy your first container. Say you have installed any extension like uBlock in your browser that blocks all the ad crap from the websites you visit. […]

The post Deploy PiHole in your NAS via Docker appeared first on Vectops.

]]>
If you read our post about compiling your own binaries for WD MyCloud OS5 where we explained how to install and use packages like Docker, you may want to deploy your first container.

Say you have installed any extension like uBlock in your browser that blocks all the ad crap from the websites you visit. Sometimes it is just not enough: you may not be able nor want to install browser extensions on mobile devices, or simply sometimes you don’t even have the chance to do so.

Friendly reminder: we maintain this site thanks to ads after all, maybe we’re shooting ourselves in our foot with this post though! It’s okay, we understand it, even support it.

Given that, you’ll need to change the scope of the solution. In this case, we propose stepping up from the browser level to the network, DNS level. That’s where we are focusing today, and yeah, we will make our NAS provide that feature!

Pre-checks

Before starting, have you tried to run the basic Docker command in your NAS? Remember you can do this by just connecting via SSH and typing:

$ docker -v
Docker version 20.10.12, build e91ed57

There we go, we have Docker available, ready to deploy a PiHole container to block almost every ad around the Internet.

Installing PiHole on Docker

At this point you can just visit our profile on GitHub and clone the wdmycloud-dockerfiles repository, where you can find a variety of software pieces ready to run on your MyCloud OS5 NAS.

$ git clone https://github.com/vectops/wdmycloud-dockerfiles.git
$ cd wdmycloud-dockerfiles/pihole

Now, run this command and let the magic happen:

$ docker-compose up -d

It will:

  • Pull the PiHole Docker image in your NAS
  • Apply a basic configuration to fire up the container

After it finishes, you will be able to manage your Pihole through its web UI in the following URL: http://you_nas_ip:8080/admin.

Configuring your environment

From this panel you can configure lots of things to get PiHole working in your local network as you’d like to. Now it’s time to configure your network to start using your PiHole instance at a DNS configuration level. You have multiple ways to do:

  • Configure your DNS in DHCP Server on your main router
  • Configure each device with this custom DNS

I prefer configuring the DNS in the dhcp-server, so every device on my network uses DHCP protocol to get access to the Internet (and yes, it is possible to use "static IP addresses" with the dhcp-server lease option) and gets all the ads blocked by default with no extra effort.

After this step, you are done setting everything up and will start browsing ad-free from every device on your network!

Thank you for reading, I would be very pleased to know if this article helped you get a PiHole working on your local NAS!

See you next time. Don’t forget to share & leave a comment!

The post Deploy PiHole in your NAS via Docker appeared first on Vectops.

]]>
https://vectops.com/2022/02/deploy-pihole-in-your-nas-via-docker/feed/ 0
Compile your own binaries for WD MyCloud OS5 https://vectops.com/2022/02/compile-your-own-binaries-for-wd-mycloud-os5/ https://vectops.com/2022/02/compile-your-own-binaries-for-wd-mycloud-os5/#respond Sat, 19 Feb 2022 08:00:14 +0000 https://vectops.com/?p=1940 Recently, I bought a WesternDigital MyCloud PR2100 NAS. It runs a simple Linux OS with some pre-built packages but somehow I feel it’s not enough and it could be used for more stuff, so I thought "can you imagine running Docker and deploying your own Dockerfiles on this thing?". And well, now I have an […]

The post Compile your own binaries for WD MyCloud OS5 appeared first on Vectops.

]]>
Recently, I bought a WesternDigital MyCloud PR2100 NAS. It runs a simple Linux OS with some pre-built packages but somehow I feel it’s not enough and it could be used for more stuff, so I thought "can you imagine running Docker and deploying your own Dockerfiles on this thing?". And well, now I have an answer for that: "yes, you can!".

Introduction

Let’s see how it works. The NAS has a simple hardware setup:

  • Intel Pentium N3710 quad-core @ 1.60Ghz x86_64
  • 4GiB DDR3 1600Mhz 2x2gb dual-channel
  • 2 ports gigabit ethernet (bonding configurable)
  • 2x SATA3 6Gbps ports hot-swap

This setup it’s already far from brand-new and has been present for a few years, mainly for non-technical audience. However, those are not bad specs at all. Just remember the latest Raspberry Pi v4 with 8GiB of RAM, for example. It’s not that far from it, right?

Anyway, you’re here because you want to install more packages in your WD MyCloud OS5, so let’s focus on that.

Grabbing the binaries

First of all, you need a computer with Docker engine already installed, say a laptop for example, then go ahead and clone this repository. It is where the WD Community puts its own source packages to be compiled locally and installed in your NAS:

$ git clone https://github.com/WDCommunity/wdpksrc.git
$ cd wdpksrc

Now, its time to let Docker work:

docker build -t wdpk .
docker run -it -v $(pwd):/wdpksrc wdpk /bin/bash

If everything went right, you will see some like this:

root@021ca29af42e:/wdpksrc# ls
Dockerfile  LICENSE  README.md  build.sh  build_and_install.sh  mksapkg-OS3  mksapkg-OS5  packages  tests  wdpk

On this environment, we can build any package inside wdpksrc directory. On this example, we are compiling a Docker package, so just run:

cd wdpksrc/docker
./build.sh

The process will take around 1 minute or so.

Installing packages on a WD NAS running OS5

After the process has been completed, you will have available a .tar.gz file containing the binaries on the packages/ directory. Uncompress the .tar.gz and install the package through your WD MyCloud OS5 web UI.

When you are done installing it, connect via SSH to your NAS. Then you should have available the docker command. Beside this installation, you will also have a Portainer web UI available on this URL: http://IP_NAS:9000/

That’s it! Now you can explore the public Docker images and run whatever you want in your NAS. If you are thinking of running a PiHole instance, just hold on and read the next post.

Cheers!

The post Compile your own binaries for WD MyCloud OS5 appeared first on Vectops.

]]>
https://vectops.com/2022/02/compile-your-own-binaries-for-wd-mycloud-os5/feed/ 0
Dual booting Arch Linux and Windows https://vectops.com/2022/02/dual-booting-arch-linux-and-windows/ https://vectops.com/2022/02/dual-booting-arch-linux-and-windows/#respond Fri, 18 Feb 2022 08:20:34 +0000 https://vectops.com/?p=1896 When it comes to desktop, it is pretty common that we may end up needing a ready-to-use Windows host beside our daily use Linux system. If that is your case, forget about spamming your F key at startup so you can boot one or another from your motherboard’s boot selector and just let Systemd care […]

The post Dual booting Arch Linux and Windows appeared first on Vectops.

]]>
When it comes to desktop, it is pretty common that we may end up needing a ready-to-use Windows host beside our daily use Linux system. If that is your case, forget about spamming your F key at startup so you can boot one or another from your motherboard’s boot selector and just let Systemd care about that.

Assumptions:

  • You are using systemd-boot as UEFI manager, NOT GRUB
  • You run Arch Linux and Windows on the same machine (it doesn’t matter if they are installed on different partitions or separate physical disks)

First things first! Fire up your Arch, get a root shell and mount the Window’s EFI partition:

mount /dev/sdXN /mnt # replace 'sdXN' accordingly to your Windows' disk address

Copy /mnt/EFI/Microsoft folder inside the /boot directory:

cp -r /mnt/EFI/Microsoft/ /boot/EFI/Microsoft/

Add a new entry for Windows by creating a new /boot/loader/entries/windows.conf file, containing:

title   Windows 10
efi     /EFI/Microsoft/Boot/bootmgfw.efi

Apply changes by running:

bootctl update

Check that the new entry is showing correctly with:

bootctl list

It should output something like this:

Boot Loader Entries:
        title: Arch Linux
           id: arch.conf
       source: /boot/loader/entries/arch.conf
        linux: /vmlinuz-linux
       initrd: /initramfs-linux.img

        title: Windows 10
           id: windows.conf
       source: /boot/loader/entries/windows.conf

Once done, reboot your system and wait for systemd-boot to show up with both Arch and Windows 10 entries.

Until we meet again!

The post Dual booting Arch Linux and Windows appeared first on Vectops.

]]>
https://vectops.com/2022/02/dual-booting-arch-linux-and-windows/feed/ 0
Configure Mikrotik with OVH DynDNS https://vectops.com/2022/02/configure-mikrotik-with-ovh-dyndns/ https://vectops.com/2022/02/configure-mikrotik-with-ovh-dyndns/#respond Thu, 17 Feb 2022 11:00:37 +0000 https://vectops.com/?p=1953 Say you want to connect to your homelab or local network via VPN. This is possible thanks to software like WireGuard or ZeroTier among other older solutions (OpenVPN, PPTP, L2TP)… Right, but you know that, in order to connect through this kind of software you need the public IP address of the VPN server. If […]

The post Configure Mikrotik with OVH DynDNS appeared first on Vectops.

]]>
Say you want to connect to your homelab or local network via VPN. This is possible thanks to software like WireGuard or ZeroTier among other older solutions (OpenVPN, PPTP, L2TP)…

Right, but you know that, in order to connect through this kind of software you need the public IP address of the VPN server. If you run this software in your home you probably have a dynamic public IP address assigned, as most of the ISP providers offer out there. So there’s a problem.

Introduction

Let’s pretend you can connect to your home’s VPN server no matter what IP address it has assigned, without paying an extra cent for it. Wouldn’t you love that? We do so too, and yep, there’s always a way.

The only thing you need to achieve this is your own domain (there are other solutions that don’t involve having a custom domain, but as those are non self-hosteable or fully manageable we won’t be covering them on this post).

With the DynDNS service you can update a type A DNS record when the record’s value changes, automatically, just by setting up a DynDNS client with a given timeout of your liking, say 5 minutes, 10 minutes, or 2 hours.

In this post we’ll explain how to configure your Mikrotik to use the OVH DynDNS feature. Before starting, please follow the link and configure your domain in OVH panel just as the guide says.

Pre-checks

Now, we also said this is for Mikrotik router users, so to configure OVH DynDNS in your Mikrotik, this is all we need:

- OVH DynDNS user
- OVH DynDNS password
- OVH DynDNS host (subdomain)
- Mikrotik Interface where is the public ip

To check your current’s Mikrotik public IP address, you can just issue this command via SSH or terminal web:

/ip address print

It will list all the address configured on your Mikrotik. Just look for the one marked with the D flag, that means Dynamic, and check the name of INTERFACE column. In case you have multiple dynamic addresses for whatever reason, look for the one matching the WAN interface.

Setting up the DynDNS client script

Now go to your Mikrotik web interface and browse to the System -> Scripts menu, click on Add new, and fill in the form fields as follows:

- Name: ovh-ddns
- Policy: read, write, test

For the source, you can just copy this script we already tested and tried.

After that click on OK. You need to configure the script, just review the first line and add the configuration we did get before:

:global ovhddnsuser "<OVH DynDNS USER>"
:global ovhddnspass "<OVH DynDNS PASS>"
:global theinterface "<INTERFACE THAT HAS YOUR PUBLIC IP>"
:global ovhddnshost "<OVHDynDNS HOSTNAME>"

Now you can test the script just by applying and clicking on Run Script. If everything is correct, you can see how, on your OVH panel, the DNS record configured with the public IP address has been automatically updated. Maybe you want to use a dig command to check it out. That’s up to you 🙂

Scheduling the DynDNS script

Right, but here’s the thing. At this point, if you don’t click on the "Run script" button, the script won’t trigger itself. Hopefully that is quite simple to fix: just configure a Scheduler to run this script on a given time basis (say 10 minutes).

To achive this, from your Mikrotik’s web UI, go to System -> Scheduler menu, and click on Add new, then just fill each field with the next details:

- Name: ovh-ddns
- Interval: 00:10:00
- Policy: read, write, test
- On event: /system script run ovh-ddns

If for some reason you prefer setting this up through the cli, just run this command via SSH:

/system scheduler 
add interval=10m name=ovh-ddns on-event="/system script run ovh-ddns" policy=read,write,test start-time=startup

Remember that you can change the interval accordingly to your fit your own needs.

With that, we can say we’re done! You have configured the OVH DynDNS on your Mikrotik, and now you can connect remotely to your home network by pointing your VPN configuration to your very own, automatically updated domain record.

See you next time, don’t forget to share & leave a comment!

The post Configure Mikrotik with OVH DynDNS appeared first on Vectops.

]]>
https://vectops.com/2022/02/configure-mikrotik-with-ovh-dyndns/feed/ 0
Send multi-line Telegram messages using cURL https://vectops.com/2022/02/send-multiline-telegram-messages-using-curl/ https://vectops.com/2022/02/send-multiline-telegram-messages-using-curl/#respond Thu, 17 Feb 2022 08:17:49 +0000 https://vectops.com/?p=1893 Not much context behind this one, I have been messing with stuff like this recently while doing some scripting and found it worth enough bringing it here. The solution is fairly simple, declare the needed variables: BOT_API_TOKEN='<your bot token here>' CHAT_ID='<your chat ID here>' MSG=' This is a simple multiline message ' Then just build […]

The post Send multi-line Telegram messages using cURL appeared first on Vectops.

]]>
Not much context behind this one, I have been messing with stuff like this recently while doing some scripting and found it worth enough bringing it here. The solution is fairly simple, declare the needed variables:

BOT_API_TOKEN='<your bot token here>'
CHAT_ID='<your chat ID here>'
MSG='
This is a simple
multiline message
'

Then just build the requests like this:

curl --data "chat_id=${CHAT_ID}" --data-urlencode "text=${MSG}" 'https://api.telegram.org/bot'${BOT_API_TOKEN}'/sendMessage'
                                 ------------------------------

Stay safe!

The post Send multi-line Telegram messages using cURL appeared first on Vectops.

]]>
https://vectops.com/2022/02/send-multiline-telegram-messages-using-curl/feed/ 0
3 ways to set up DynDNS with CloudFlare https://vectops.com/2022/02/3-ways-to-set-up-dyndns-with-cloudflare/ https://vectops.com/2022/02/3-ways-to-set-up-dyndns-with-cloudflare/#respond Wed, 16 Feb 2022 08:13:20 +0000 https://vectops.com/?p=1880 Shout-out to all the selfhosters around there! Ever thought about running your own dynamic DNS system without relying on third-party providers? Well, me too, not going to lie. Luckily, if you own a domain and have a CloudFlare account, there’s a few things we can do about that. Today, we are bringing a bunch of […]

The post 3 ways to set up DynDNS with CloudFlare appeared first on Vectops.

]]>
Shout-out to all the selfhosters around there!

Ever thought about running your own dynamic DNS system without relying on third-party providers? Well, me too, not going to lie.

Luckily, if you own a domain and have a CloudFlare account, there’s a few things we can do about that. Today, we are bringing a bunch of different approaches to face this scenario, so let’s get down to it.

General assumptions:
  • Have your own domain
  • Set up your domain’s DNS with CloudFlare
  • Have a CloudFlare account with DNS management capabilities
  • This task works with IPv4 only (for now)

Classic Linux cronjob with a simple cURL

Specific assumptions:
  • Have access to a Linux host (no root permissions needed)
  • Have the jq package installed

Being this one the simplest way to achieve our goal, just save the following script to a file:

DNS_ZONE='<your DNS zone ID here>'
DNS_RECORD='<your DNS record ID here>'
AUTH_KEY='<your CloudFlare API token here>'
EMAIL_ADDRESS='<your CloudFlare's email account here>'
DNS_RECORD_NAME="\"<your.domain.tld here>\""
CURRENT_IP_ADDRESS="\"$(curl -s ip.me)\""
CURRENT_DNS_VALUE=$(curl -sX GET "https://api.cloudflare.com/client/v4/zones/${DNS_ZONE}/dns_records/${DNS_RECORD}" -H "Content-Type:application/json" -H "X-Auth-Key:${AUTH_KEY}" -H "X-Auth-Email:${EMAIL_ADDRESS}" | jq '.result["content"]')

if [ ${CURRENT_DNS_VALUE} != ${CURRENT_IP_ADDRESS} ]; then
    curl -sX PUT "https://api.cloudflare.com/client/v4/zones/${DNS_ZONE}/dns_records/${DNS_RECORD}" -H "X-Auth-Email:${EMAIL_ADDRESS}" -H "X-Auth-Key:${AUTH_KEY}" -H "Content-Type:application/json" --data '{"type":"A","name":'${DNS_RECORD_NAME}',"content":'${CURRENT_IP_ADDRESS}'}' > /dev/null
fi

Let’s say we name this file as cf-ddns.bash and save it to /opt. Then make it executable:

chmod +x /opt/cf-ddns.bash

And now let’s create a cron job that will run it every hour. Open the crontab editor with:

crontab -e

Then simply add the following line:

@hourly /bin/bash /opt/cf-ddns.bash

It is worth mentioning that the Linux machine where you are setting up this task must be behind the same NAT or on the same local network from where you want your DNS record to point to its public IP address.

Kubernetes cronjob

Specific assumptions:
  • Run a Kubernetes cluster (pretty obvious right?)

Why not!?

If you are running a self-hosted Kubernetes cluster you can just go all the way down and make use of the native cronjob feature it provides.

In this case you would only have to apply the following manifest, which creates a pod that will run the previous script we defined but it will be managed at a cluster level. (don’t forget to update the variable values according to yours!) :

apiVersion: batch/v1beta1
kind: CronJob
metadata:
  name: cf-dyndns
  namespace: default
spec:
  schedule: "@hourly"
  successfulJobsHistoryLimit: 0
  failedJobsHistoryLimit: 1
  jobTemplate:
    spec:
      template:
        spec:
          containers:
          - name: cf-dyndns
            image: bash:latest
            imagePullPolicy: IfNotPresent
            restartPolicy: OnFailure
            command:
            - /usr/local/bin/bash
            - -c
            - apk add --update curl jq &>/dev/null ; DNS_ZONE='<your DNS zone ID here>' DNS_RECORD='<your DNS record ID here>' AUTH_KEY='<your CloudFlare API token here>' EMAIL_ADDRESS='<your CloudFlare account's email here>' DNS_RECORD_NAME="\"<your.domain.tld here>\"" CURRENT_IP_ADDRESS="\"$(curl -s ip.me)\"" CURRENT_DNS_VALUE=$(curl -sX GET "https://api.cloudflare.com/client/v4/zones/${DNS_ZONE}/dns_records/${DNS_RECORD}" -H "Content-Type:application/json" -H "X-Auth-Key:${AUTH_KEY}" -H "X-Auth-Email:${EMAIL_ADDRESS}" | jq '.result["content"]'); if [ ${CURRENT_DNS_VALUE} != ${CURRENT_IP_ADDRESS} ] ; then curl -sX PUT "https://api.cloudflare.com/client/v4/zones/${DNS_ZONE}/dns_records/${DNS_RECORD}" -H "X-Auth-Email:${EMAIL_ADDRESS}" -H "X-Auth-Key:${AUTH_KEY}" -H "Content-Type:application/json" --data '{"type":"A","name":'${DNS_RECORD_NAME}',"content":'${CURRENT_IP_ADDRESS}'}' > /dev/null; fi && echo OK || echo ERROR

You can always check its status by running:

kubectl get cronjob

Drone CI pipeline

Specific assumptions:
  • Run a Drone CI instance
  • A git repository to interact with through Drone

Another way to automate your DynDNS setup could be defining the task into a CI pipeline, and for that purpose this time we will be using Drone CI to do so.

Although Drone provides a specific plugin to interact with CloudFlare’s API with ease, in this case we will be using a basic cURL image so we can get the DynDNS logic working in a pipeline inside our .drone.yml file.

There is a very specific reason for this: as we are dealing with dynamic IP addresses that may change over time, there are some limitations with Drone when it comes to sharing variable between steps in a pipeline.

Thus the workaround we are proposing here to bypass that limitation consists of having the ability to assign to the CURRENT_IP_ADDRESS variable a value at the very time the same pipeline’s step is running, not before.

In other words, not inheriting the contents from a pipeline-level variable but to gather its value from inside the same container that will also handle its content to update our DNS record itself on the next command it runs:

---
kind: pipeline
type: kubernetes # or "docker" if you don't have a kubernetes runner configured!
name: cf-ddns

steps:
- name: Update DNS record
  image: curlimages/curl
  environment:
    AUTH_KEY:
      from_secret: cloudflare_token
    EMAIL_ADDRESS:
      from_secret: cloudflare_email
    DNS_ZONE_ID:
      from_secret: cloudflare_zone_id
    DNS_RECORD_ID:
      from_secret: cloudflare_record_id
    DNS_RECORD_NAME: <your.domain.tld here>
  commands:
    - export CURRENT_IP_ADDRESS="$(curl -s ip.me)"
    - curl -sX PUT "https://api.cloudflare.com/client/v4/zones/$DNS_ZONE_ID/dns_records/$DNS_RECORD_ID" -H "X-Auth-Email:$EMAIL_ADDRESS" -H "X-Auth-Key:$AUTH_KEY" -H "Content-Type:application/json" --data "{\"type\":\"A\",\"name\":\"$DNS_RECORD_NAME\",\"content\":\"$CURRENT_IP_ADDRESS\"}

trigger:
  event:
  - cron

As you can see we are here using secrets to provide the multiple pipeline-level variable contents too, so don’t forget to create those secrets manually inside the repository options through the Drone web interface.

Once that’s done, the last thing we need is to create the cron job that will trigger the pipeline. The cron job options are easily found in the web UI as well, but if you’d rather using the cli you can always run something like this:

drone cron add "myuser/myrepo" "cf-ddns" '@hourly'

Worth to point out, this last method gets rid of the original principle: "if the IP address has changed, then overwrite the DNS record with the current IP address" that was present on the first two examples, and just runs the HTTP request to overwrite the DNS record with whatever IP address it gathers each time, no matter if it is a new one or not.

That’s all for now. Wish it was useful!

Cheers.

The post 3 ways to set up DynDNS with CloudFlare appeared first on Vectops.

]]>
https://vectops.com/2022/02/3-ways-to-set-up-dyndns-with-cloudflare/feed/ 0
How to set up a SMTP relay on your Proxmox node https://vectops.com/2022/02/how-to-set-up-a-smtp-relay-on-your-proxmox-node/ https://vectops.com/2022/02/how-to-set-up-a-smtp-relay-on-your-proxmox-node/#respond Tue, 15 Feb 2022 08:09:26 +0000 https://vectops.com/?p=1891 5-minute craft, specially useful for those self-hosted Proxmox users who seek sending e-mails to their remote inboxes directly from their nodes: Assumptions: Your Proxmox run behind a NAT / is not directly accessible on the Internet so you find trouble sending native system e-mails by default You have an already existing e-mail address you would […]

The post How to set up a SMTP relay on your Proxmox node appeared first on Vectops.

]]>
5-minute craft, specially useful for those self-hosted Proxmox users who seek sending e-mails to their remote inboxes directly from their nodes:

Assumptions:

  • Your Proxmox run behind a NAT / is not directly accessible on the Internet so you find trouble sending native system e-mails by default
  • You have an already existing e-mail address you would want to make your Proxmox host use to send mails to you
  • The connection method to the "sender" e-mail address will be using password authentication

Step by step:

  1. First off, install some dependencies. Run as root:

    apt-get update
    apt-get install libsasl2-modules
  2. Edit the /etc/postfix/main.cf file like this (replace relayhost’s key value to suit your needs):

    # See /usr/share/postfix/main.cf.dist for a commented, more complete version
    
    myhostname=pve.local
    
    smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
    biff = no
    
    # appending .domain is the MUA's job.
    append_dot_mydomain = no
    
    # Uncomment the next line to generate "delayed mail" warnings
    #delay_warning_time = 4h
    
    alias_maps = hash:/etc/aliases
    alias_database = hash:/etc/aliases
    #mydestination = $myhostname, localhost.$mydomain, localhost
    mynetworks = 127.0.0.0/8
    inet_interfaces = loopback-only
    recipient_delimiter = +
    
    sender_canonical_classes = envelope_sender, header_sender
    sender_canonical_maps =  regexp:/etc/postfix/sender_canonical_maps
    smtp_header_checks = regexp:/etc/postfix/header_check
    
    relayhost = :
    smtp_use_tls = yes
    smtp_sasl_auth_enable = yes
    smtp_sasl_security_options = noanonymous
    smtp_tls_wrappermode = yes
    smtp_tls_security_level = encrypt
    smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
    smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt
  3. Edit or create the /etc/postfix/sasl_passwd file, that will contain the following line (remember to place your own values there):

    :    @:
  4. Change file permissions with:

    chmod 600 /etc/postfix/sasl_passwd
  5. Run:

    postmap /etc/postfix/sasl_passwd
  6. Edit or create the file /etc/postfix/sender_canonical_maps containing:

    /.+/    @
  7. Edit or create the file /etc/postfix/header_check with the following:

    /From:.*/ REPLACE From: @
  8. Apply changes by restarting Postfix service:

    systemctl restart postfix.service

And that’s it. You can always manually test if it works by running:

echo "This is a test e-mail" | mail -s "Testing" <receiver>@<mailserver.com>

See you next time!

The post How to set up a SMTP relay on your Proxmox node appeared first on Vectops.

]]>
https://vectops.com/2022/02/how-to-set-up-a-smtp-relay-on-your-proxmox-node/feed/ 0
Terraform 1 and Proxmox; working as it should https://vectops.com/2021/06/terraform-1-and-proxmox-working-as-it-should/ https://vectops.com/2021/06/terraform-1-and-proxmox-working-as-it-should/#comments Sat, 12 Jun 2021 20:32:06 +0000 https://vectops.com/?p=1851 And work it should… A while ago we typed up a detailed article about using Terraform to provision VMs on proxmox nodes, you can find it here. That article was dependant on some versions that are no longer supported and can and will cause problems eventually. So we updated the dependencies, versions and did some […]

The post Terraform 1 and Proxmox; working as it should appeared first on Vectops.

]]>
And work it should…

A while ago we typed up a detailed article about using Terraform to provision VMs on proxmox nodes, you can find it here.

That article was dependant on some versions that are no longer supported and can and will cause problems eventually.

So we updated the dependencies, versions and did some definition refactoring in order to allow the process to work with the latest versions at the time of writing this article.

Current versions:

  • Terraform 1.0
  • Proxmox 6.4

Hooray Terraform Registry!

The Terraform Registry finally has Telmate’s Proxmox provisioner hosted on its platform so we can define it on the .tf file and forget about it.

You can find the module here: Telmate’s Proxmox Module

This allows us to happily say you no longer need to worry about installing the module manually and working out the kinks on Go’s installation methods.

Terraform Definitions

There are some changes that need to be made to the old main.tf definition file, the first one is:

terraform {
  required_providers {
    proxmox = {
      source = "Telmate/proxmox"
      version = "2.7.1"
    }
  }
}

Afterwards, we need change some other entries that are no longer supported:

Disk definitions

These definitions no longer apply as they are properly detected by the module:

    id              = 0
    storage_type    = "lvm"
    iothread        = true

Network definitions

The same happens to some of the network definitions:

    id              = 0

Github repo

We’ve uploaded the updates to Github with the updates you can also check out the commit history to see the changes yourself:

https://github.com/galdorork/tf-Proxmox

Also, we’ve updated the docker image we’ve use to run pipelines that need Terraform and (maybe) Terragrunt (wink, wink):

https://github.com/galdorork/terragrunt-proxmox-module


We’ll try to keep updating old posts to work on newer versions, but this one really needed some love.

BAIIII 🙂

The post Terraform 1 and Proxmox; working as it should appeared first on Vectops.

]]>
https://vectops.com/2021/06/terraform-1-and-proxmox-working-as-it-should/feed/ 2
How to fking use Git; like a pro https://vectops.com/2021/06/how-to-fking-use-git-like-a-pro/ https://vectops.com/2021/06/how-to-fking-use-git-like-a-pro/#respond Fri, 11 Jun 2021 08:24:28 +0000 https://vectops.com/?p=1847 TLDR; Just read this: https://git-scm.com/book/en/v2 Dear Devs, Some tasks are easily performed using a GUI, some are not, some are more convenient. However, not all tooling is available all the time. I recently had an issue with a version control interface that was failing, throwing 500 errors everywhere, but guess what? the git services were […]

The post How to fking use Git; like a pro appeared first on Vectops.

]]>
TLDR; Just read this:

https://git-scm.com/book/en/v2


Dear Devs,

Some tasks are easily performed using a GUI, some are not, some are more convenient. However, not all tooling is available all the time.

I recently had an issue with a version control interface that was failing, throwing 500 errors everywhere, but guess what? the git services were still working.

Its not only your responsibility, its your duty as a corporate developer to KNOW how to use git without all the bells and whistles of a graphical interface.

Using simple commands such as:

git branch
git checkout
git status
git merge
git commit --amend -m 

Is extremely helpful and extremely important to know when you want to work fast.

Take this into account on your current/next job offerings.

PD: yes, this is a rant.

The post How to fking use Git; like a pro appeared first on Vectops.

]]>
https://vectops.com/2021/06/how-to-fking-use-git-like-a-pro/feed/ 0
First steps with git server; the right way https://vectops.com/2021/04/first-steps-with-git-server-the-right-way/ https://vectops.com/2021/04/first-steps-with-git-server-the-right-way/#respond Sat, 03 Apr 2021 23:18:57 +0000 https://vectops.com/?p=1816 Yay! What’s up? On this article we will summarize the first steps everyone should follow when it comes to deploying your own Git server. Don’t have any yet? Read this article. Keep in mind that any host with the Git software installed and Internet connection can be a Git server, you just need to configure […]

The post First steps with git server; the right way appeared first on Vectops.

]]>
Yay! What’s up? On this article we will summarize the first steps everyone should follow when it comes to deploying your own Git server. Don’t have any yet? Read this article.

Keep in mind that any host with the Git software installed and Internet connection can be a Git server, you just need to configure a SSH connection to be able to use it.

You can install Git on your Raspberry Pi, a virtual machine on your server, on the cloud… Whatever you want, just install it!

Remote server

Ok, right. Now you have the Git software installed, but you need to create the repository first. How to do it? Very simple, just go to the directory where you want to set up the repository (remember! It needs to be accessible through SSH):

# change directory
cd /home/cooluser/repositories/

# make new directory with .git extension
mkdir coolrepo.git

# come inside
cd coolrepo.git

# run the init command
git init --bare

Local machine

Create the directory where you want to have this repository

mkdir coolrepo
cd coolrepo

Now, you need to prepare this directory for git:

git init
touch README.md
git add .
git commit -m "First commit" -a
git remote add origin ssh://sshuser@server_ip:/home/cooluser/repositories/coolrepo.git
git push origin master

Et voila, you have your own repository with full functionality.

In the future, you can do a git clone like:

git clone sshuser@server_ip:/home/cooluser/repositories/coolrepo.git

Cheers!

The post First steps with git server; the right way appeared first on Vectops.

]]>
https://vectops.com/2021/04/first-steps-with-git-server-the-right-way/feed/ 0