plembo

Backups with restic

We just recently began to use restic as our main backup solution at home. I'm posting this mostly to document the configuration for myself. Anyone interested in using restic should thoroughly read the documentation before proceeding.

By default, backups are run with encryption and compression enabled. Although many people have all hosts in a multi-host network sharing a single repo, I chose to separate them out (to limit the impact of any future data corruption and simplify security configuration).

plembo

Notes on Debian as a server

These are some notes on instaling and configuring Debian Linux for a server. In this case, my existing home backup/application server that had been running Ubuntu Server 22.04 LTS. The occasion of this migration was a series of hardware failures that resulted in the need to reinstall the operating system.

Hardware

Everything below was done on a 6 year-old desktop-class machine with a 6th gen Intel (Skylake) i7 CPU and 32 GB non-ECC RAM. The boot drive is a (by today's standards) tiny 1 year-old (7836 power-on hours) "spare" 120 GB 2-1/2" SSD (this was the weekend, and the idea of running out to Best Buy on a Saturday was intolerable: besides, Clonezilla will make short work of any future replacement), and data is stored on a new pair of 8 TB hard disks in a JBOD arrangement. All partitions (except EFI and Swap) use the ext4 filesystem sans LVM.

The existing server had been another 3 year-old desktop-class machine with a 2nd gen Ryzen 5 CPU and 32

plembo

Brave browser on Android post install checklist

This is based on my limited initial experience with Brave browser on Android (v12). Although customization is more limited than on Linux or Windows, it can be configured to be more usable than the default. If possible, I try to configure and set up sync on a desktop before mobile for efficiency.

1. Brave Shields and Privacy: Social Media blocking. Disable all except Allow Google and Show autocomplete in address bar.

2. WebRTC handling policy. Disable non-proxied UDP.

3. Allow sites to check payment methods: Disabled.

4. IPFS Gateway: Disabled.

plembo

Ubuntu Error on apt update: Package header, MergeList

Thanks to Amr, I didn't have to rebuild my system the other day. AmrAbdeen. "Fix| Error E:Encountered a section with no Package: header, E:Problem with MergeList". GitHub Gist, 21 Nov 2015, https://gist.github.com/AmrAbdeen/59d688b3d4cf20cc81f2.

Doing an apt update on my house Ubuntu Server 22.04 LTS, I kept getting this error:

Error “E:Encountered a section with no Package: header, E:Problem with MergeList …….”

Trawled the internets for advice, none of it worked, at least one suggestion was pretty clearly dangerous (as in system-crippling dangerous).

plembo

Brave browser on Linux desktop post install checklist

This is based on my limited initial experience with Brave browser on Linux (Ubuntu desktop). There are subtle differences for Android that I'll put in a separate document when I've actually applied my changes in a methodical way.

1. Get started: Profile name and icon.

2. Import bookmarks from your previous browser (e.g., Chrome or Firefox). Brave is your default browser.

3. On startup: Open a specific page or set of pages. Enter your homepage.

4. Appearance: Brave colors, Dark. On Ubuntu, also pick GTK theme.

plembo

Suppress "~/Mail does not exist" in mutt

An annoying message, asking for permission to create a folder that mutt then never uses (unless your MTA is configured for Maildir, but that's another story).

To fix it I just added unset folder to the end of /etc/Muttrc.

You probably will want to remove that if you ever decide to switch to Maildir.

MetaEd. "Suppresss "~/Mail does not exist" in mutt". Unix & Linux StackExchange, 4 May 2023, https://unix.stackexchange.com/questions/108097/suppresss-mail-does-not-exist-in-mutt.

plembo

lxc and ufw

Problem

Basic lxc allows you to spin up lightweight system containers for testing. But if you're running a host firewall you may find it prevents your containers from acquiring an IP address over DHCP for networking, and from connecting to external hosts (like distro package servers).

NOTE: I don't use lxc in production, and have purged it from all my machines after some experimentation. Diving deeper into Docker seemed a better use of my time.

Solution

If running ufw on Ubuntu you should be able to fix that with the following command:

plembo

Steam on Ubuntu 22.04 LTS Desktop with an NVIDIA RX3050

Note the detailed heading. The subtitle should be "It's a miracle I got it to work at all". What follows are notes that I hope will help the next time I have to set this up, although I know they probably won't. They probably won't work for you either. Sorry.

Prerequisites

Make sure you're in an xorg, not wayland, session.

1. Remove any existing nvidia packages:

• sudo apt autoremove nvidia* --purge and/or
• sudo /usr/bin/nvidia-uninstall

plembo

fscrypt to encrypt existing user home

NOTE: I no longer rely on this procedure, as I've become more concerned about data corruption than privacy risks. But I also now only travel with a machine that has been privacy hardened and scrubbed of most private data, relying on secure cloud storage (Proton Drive) to retrieve any sensitive materials I may need.

Open source fscrypt provides native encryption for ext4 filesystems on Linux. With it you can encrpyt folders within a disk partition, including user folders. It cannot encrypt files in place, so data must be backed up before proceeding.

The process described below has only been tested on Ubuntu 22.04 LTS Desktop after install and user home creation. All device filesysystems are ext4. The /home directory is mounted on its own dedicated partition (e.g., "/dev/sda3"). I'm doing this to secure the personal data on a laptop from common theives, not state actors or anyone who can get access to the machine while it's running. Your Mileage May Vary. Because.

plembo

Restore Linux virtual console knocked out by NVIDIA

NOTE: This problem appears to have been cleared up with my latest NVIDIA driver update (535.171.04), and so I no longer need to make the changes noted below.

There's apparently a longstanding bug in NVIDIA's driver that can prevent the use of Linux virtual consoles ("text consoles") when plugged into the card. This doesn't affect virtual consoles when plugged into integrated graphics.

While I don't have a bug report reference for this particular issue, there is this response to an Ask Ubuntu post from 5 years ago:

Zanna. "nVidia driver kills text consoles - how to get them back?". Ask Ubuntu, 30 July 2018, https://askubuntu.com/a/662782.