ZeroDeth

On the host

Ensure these modules are loaded

cat /proc/sys/net/bridge/bridge-nf-call-iptables

Disable swap

sysctl vm.swappiness=0
swapoff -a

ZeroDeth

Docker Swarm in LXC Containers

Part of collection: Hyper-converged Homelab with Proxmox

After struggling for some days, and since I really needed this to work (ignoring the it can't be done vibe everywhere), I managed to get Docker to work reliable in privileged Debian 12 LXC Containers on Proxmox 8

(Unfortunately, I couldn't get anything to work in unprivileged LXC Containers)

There are NO modifications required on the Proxmox host or the /etc/pve/lxc/xxx.conf file; everything is done on the Docker Swarm host. So the only obvious candidate who could break this setup, are future Docker Engine updates!

ZeroDeth

This is a walkthrough of setting up a PXE server to boot Ubuntu server live install .iso over network, all on an OPNsense device. No need for Dnsmasq or http/nfs server! Should be compatible with vanilla FreeBSD and HardenedBSD devices as well.

Guide made with OPNsense 20.7 and Ubuntu 20.04.2, with the assumption that your OPNsense device is at 192.168.1.1.

Thanks to all the other guides out there. 1 2

Notes:

A couple issues I ran into with other guides is that Ubuntu's servers return 404 for older releases. Make sure to check each link used in this guide to make sure they exist! This guide works with BIOS as we use pxelinux.0 but it can be adapted fairly easily for UEFI boot.

Overview:

ZeroDeth

1. Download the ISO using the GUI (tested on https://cloud-images.ubuntu.com/lunar/current/lunar-server-cloudimg-amd64-disk-kvm.img)
2. Create the VM via CLI

VMID=<TEMPLATE ID HERE>
STORAGE=<YOUR STORAGE HERE>

qm create $VMID --memory 2048 --balloon 0 --core 2 --name ubuntu-cloud --net0 virtio,bridge=vmbr0
cd /var/lib/vz/template/iso/
qm importdisk 5000 lunar-server-cloudimg-amd64-disk-kvm.img $STORAGE
qm set $VMID --scsihw virtio-scsi-pci --scsi0 ${STORAGE}:vm-$VMID-disk-0,discard=on,ssd=1

ZeroDeth

OPNsense + ProtonVPN + Wireguard

Published: 16 December 2022

Reference: https://docs.opnsense.org/manual/how-tos/wireguard-selective-routing.html

Goal: Set up one or more Wireguard connections from ProtonVPN on OPNsense, with policy based routing, and optional Killswitch.

I'm writing this guide first as a reference for my future self for when I inevitably forget how to do this, but also to help others out. I found there were not many guides on this specific configuration, particularly not with multiple concurrent connections, and these were some steps which were not at all obvious. I did begin with the guide in the official OPNsense documentation, but even that was missing info to make ProtonVPN work. If you are a pfSense user, it is very similar to OPNsense, and you should be able to follow along with some success, but I have not tested it myself.

ZeroDeth

These are instructions for booting from an Ubuntu liveCD and installing NixOS on a machine. I needed to do this because the NixOS liveCD doesn't work on my machine (NixOS/nixpkgs#5829), so I'm just using the Ubuntu installation media as something to boot into.

Much of this is from discussion at NixOS/nixpkgs#14680.

---

Get the Ubuntu ISO: http://releases.ubuntu.com/16.04.1/ubuntu-16.04.1-desktop-amd64.iso

Write it to a USB drive with unetbootin

ZeroDeth

ddns-update-style none;
deny bootp; #default
authoritative;

include "/etc/dhcp/ipxe-option-space.conf";

# GREEN (private network)
subnet 10.1.1.0 netmask 255.255.255.0 {
    range 10.1.1.100 10.1.1.199;
    option subnet-mask 255.255.255.0;

ZeroDeth

// ==UserScript==
// @name         noVNC Paste for Proxmox
// @namespace    http://tampermonkey.net/
// @version      0.2a
// @description  Pastes text into a noVNC window (for use with Proxmox specifically)
// @author       Chester Enright
// @match        https://*
// @include      /^.*novnc.*/
// @require http://code.jquery.com/jquery-3.3.1.min.js
// @grant        none

ZeroDeth

Methods of Signing with a GPG Key on MacOS

Last updated September 21, 2022

This Gist explains how to do this using gpg in a step-by-step fashion. Previously, krypt.co was heavily mentioned, but I've only recently learned they were acquired by Akamai and no longer update their previous free products. Those mentions have been removed.

For using a GUI-based GIT tool such as Tower or Github Desktop, follow the steps here for signing your commits with GPG.

There has been a number of comments on this gist regarding some issues around the pinentry-program and M1 Macs. I've finally gotten a chance to try things out on an M1 and I've updated the documentation in 2-using-gpg.md to reflect my findings.

ZeroDeth

  programs.starship = {
      enable = true;
      settings = {
        # "$schema" = "https://starship.rs/config-schema.json";
        add_newline = true;
        command_timeout = 500;
        continuation_prompt = "[∙](bright-black) ";
        format = "[](0x9A348E)$username$hostname$localip$shlvl$singularity$kubernetes[](fg:0x9A348E bg:0xDA627D)$directory$vcsh[](fg:0xDA627D bg:0xFCA17D)$git_branch$git_commit$git_state$git_metrics$git_status$hg_branch[](fg:0x86BBD8 bg:0x06969A)$docker_context$package$buf[](fg:0xFCA17D bg:0x86BBD8)$c$cmake$cobol$container$daml$dart$deno$dotnet$elixir$elm$erlang$golang$haskell$helm$java$julia$kotlin$lua$nim$nodejs$ocaml$perl$php$pulumi$purescript$python$rlang$red$ruby$rust$scala$swift$terraform$vlang$vagrant$zig$nix_shell$conda$spack$memory_usage$aws$gcloud$openstack$azure$env_var$crystal$custom$sudo$cmd_duration$line_break$jobs$battery[](fg:0x06969A bg:0x33658A)$time$status$shell$character";
        right_format = "";
        scan_timeout = 30;