{"config":{"indexing":"full","lang":["en"],"min_search_length":3,"prebuild_index":false,"separator":"[\\s\\-]+"},"docs":[{"location":"","text":"","title":"Home"},{"location":"links/","text":"Trent's Blog Links Home RSS Source For This Blog AudioBooks Attention Span History GitHub Twitter Facebook Trent Docs Hugo Themes Report libre_gps_parser Concise PDX Free Code Camp Challenges Device Layout Oregon Hikers' Field Guide","title":"Links"},{"location":"links/#trents-blog","text":"","title":"Trent's Blog"},{"location":"links/#links","text":"Home RSS Source For This Blog AudioBooks Attention Span History GitHub Twitter Facebook Trent Docs Hugo Themes Report libre_gps_parser Concise PDX Free Code Camp Challenges Device Layout Oregon Hikers' Field Guide","title":"Links"},{"location":"rss/","text":"Trent's Blog RSS Created Updated Links Home Links","title":"RSS"},{"location":"rss/#trents-blog","text":"","title":"Trent's Blog"},{"location":"rss/#rss","text":"Created Updated","title":"RSS"},{"location":"rss/#links","text":"Home Links","title":"Links"},{"location":"posts/apache-virtual-hosts/","text":"date: 2020-12-20 Use Virtual Hosts This is a very useful way to keep your server organized. Virtual Hosts On Your Lan You can practice on your Lan. Setting up DNS on your Lan For instance, if your router is running dnsmasq , this may be as simple as describing the virtual hosts in /etc/hosts on the router. 192.168.1.101 blog.devbox blogstatic.devbox Here's An Example Reverse Proxy for A Flask Blog On Your Lan # /etc/apache2/sites-enabled/blog.devbox.conf ServerName blog.devbox # dont' block LetsEncrypt # ProxyPass \"/.well-known\" ! ... not needed on your Lan # don't block /var/www/html/favicon.ico ProxyPass \"/favicon.ico\" ! ProxyPass \"/\" \"http://127.0.0.1:8000/\" ProxyPassReverse \"/\" \"http://127.0.0.1:8000/\" ErrorLog ${APACHE_LOG_DIR}/error.log CustomLog ${APACHE_LOG_DIR}/access.log combined Here's An Example for A Static Blog On Your Lan # /etc/apache2/sites-enabled/blogstatic.devbox.conf ServerName blogstatic.devbox DocumentRoot /var/www/html/blogstatic/site ErrorLog ${APACHE_LOG_DIR}/error.log CustomLog ${APACHE_LOG_DIR}/access.log combined Wan Deployment Set up DNS Log into your dns provider and create records A record for blog.example.com pointing to your ipv4 address AAAA record for blog.example.com pointing to your ipv6 address A record for blogstatic.example.com pointing to your ipv4 address AAAA record for blogstatic.example.com pointing to your ipv6 address Start With Virtual Hosts for HTTP You don't need to create virtual hosts for SSL configuration, because CertBot will automatically do that for you. Reverse Proxy # /etc/apache2/sites-enabled/blog.example.com.conf ServerName blog.example.com # dont' block LetsEncrypt ProxyPass \"/.well-known\" ! # don't block /var/www/html/favicon.ico ProxyPass \"/favicon.ico\" ! ProxyPass \"/\" \"http://127.0.0.1:8000/\" ProxyPassReverse \"/\" \"http://127.0.0.1:8000/\" ErrorLog ${APACHE_LOG_DIR}/error.log CustomLog ${APACHE_LOG_DIR}/access.log combined Static Site # /etc/apache2/sites-enabled/blogstatic.example.com.conf ServerName blogstatic.example.com DocumentRoot /var/www/html/blogstatic/site ErrorLog ${APACHE_LOG_DIR}/error.log CustomLog ${APACHE_LOG_DIR}/access.log combined Get LetsEncrypt Certs certbot --apache -d blog.example.com -d blogstatic.example.com Certbot will create and enable new conf files with SSL encryption configured, and will modify your http conf files with redirections to https.","title":"Apache Virtual Hosts"},{"location":"posts/apache-virtual-hosts/#use-virtual-hosts","text":"This is a very useful way to keep your server organized.","title":"Use Virtual Hosts"},{"location":"posts/apache-virtual-hosts/#virtual-hosts-on-your-lan","text":"You can practice on your Lan.","title":"Virtual Hosts On Your Lan"},{"location":"posts/apache-virtual-hosts/#setting-up-dns-on-your-lan","text":"For instance, if your router is running dnsmasq , this may be as simple as describing the virtual hosts in /etc/hosts on the router. 192.168.1.101 blog.devbox blogstatic.devbox","title":"Setting up DNS on your Lan"},{"location":"posts/apache-virtual-hosts/#heres-an-example-reverse-proxy-for-a-flask-blog-on-your-lan","text":"# /etc/apache2/sites-enabled/blog.devbox.conf ServerName blog.devbox # dont' block LetsEncrypt # ProxyPass \"/.well-known\" ! ... not needed on your Lan # don't block /var/www/html/favicon.ico ProxyPass \"/favicon.ico\" ! ProxyPass \"/\" \"http://127.0.0.1:8000/\" ProxyPassReverse \"/\" \"http://127.0.0.1:8000/\" ErrorLog ${APACHE_LOG_DIR}/error.log CustomLog ${APACHE_LOG_DIR}/access.log combined ","title":"Here's An Example Reverse Proxy for A Flask Blog On Your Lan"},{"location":"posts/apache-virtual-hosts/#heres-an-example-for-a-static-blog-on-your-lan","text":"# /etc/apache2/sites-enabled/blogstatic.devbox.conf ServerName blogstatic.devbox DocumentRoot /var/www/html/blogstatic/site ErrorLog ${APACHE_LOG_DIR}/error.log CustomLog ${APACHE_LOG_DIR}/access.log combined ","title":"Here's An Example for A Static Blog On Your Lan"},{"location":"posts/apache-virtual-hosts/#wan-deployment","text":"","title":"Wan Deployment"},{"location":"posts/apache-virtual-hosts/#set-up-dns","text":"Log into your dns provider and create records A record for blog.example.com pointing to your ipv4 address AAAA record for blog.example.com pointing to your ipv6 address A record for blogstatic.example.com pointing to your ipv4 address AAAA record for blogstatic.example.com pointing to your ipv6 address","title":"Set up DNS"},{"location":"posts/apache-virtual-hosts/#start-with-virtual-hosts-for-http","text":"You don't need to create virtual hosts for SSL configuration, because CertBot will automatically do that for you.","title":"Start With Virtual Hosts for HTTP"},{"location":"posts/apache-virtual-hosts/#reverse-proxy","text":"# /etc/apache2/sites-enabled/blog.example.com.conf ServerName blog.example.com # dont' block LetsEncrypt ProxyPass \"/.well-known\" ! # don't block /var/www/html/favicon.ico ProxyPass \"/favicon.ico\" ! ProxyPass \"/\" \"http://127.0.0.1:8000/\" ProxyPassReverse \"/\" \"http://127.0.0.1:8000/\" ErrorLog ${APACHE_LOG_DIR}/error.log CustomLog ${APACHE_LOG_DIR}/access.log combined ","title":"Reverse Proxy"},{"location":"posts/apache-virtual-hosts/#static-site","text":"# /etc/apache2/sites-enabled/blogstatic.example.com.conf ServerName blogstatic.example.com DocumentRoot /var/www/html/blogstatic/site ErrorLog ${APACHE_LOG_DIR}/error.log CustomLog ${APACHE_LOG_DIR}/access.log combined ","title":"Static Site"},{"location":"posts/apache-virtual-hosts/#get-letsencrypt-certs","text":"certbot --apache -d blog.example.com -d blogstatic.example.com Certbot will create and enable new conf files with SSL encryption configured, and will modify your http conf files with redirections to https.","title":"Get LetsEncrypt Certs"},{"location":"posts/clear-linux-encrypted-xfs-root/","text":"date: 2019-04-13T21:44:37-07:00 Nothing to-it Burger I had intended to create a technical explanation how to install Clear Linux with disk encryption, with xfs. But that turned out to be unnecessary because the latest version of the installer handles setting that up automatically. Previously, I had written down the steps needed to get LMDE 3 installed using disk encryption with xfs , which required manual intervention. And indeed, a few months ago, the Clear Linux installer only supported xfs with disk encryption if you could supply some manual intervention. However, the latest Clear Linux installer can set up disk encryption with luks and xfs, automatically. Just follow the instructions , no special skills needed.","title":"Clear Linux Encrypted XFS Root"},{"location":"posts/clear-linux-encrypted-xfs-root/#nothing-to-it-burger","text":"I had intended to create a technical explanation how to install Clear Linux with disk encryption, with xfs. But that turned out to be unnecessary because the latest version of the installer handles setting that up automatically. Previously, I had written down the steps needed to get LMDE 3 installed using disk encryption with xfs , which required manual intervention. And indeed, a few months ago, the Clear Linux installer only supported xfs with disk encryption if you could supply some manual intervention. However, the latest Clear Linux installer can set up disk encryption with luks and xfs, automatically. Just follow the instructions , no special skills needed.","title":"Nothing to-it Burger"},{"location":"posts/clear-linux-guest-virt-manager/","text":"date: 2019-03-11T01:39:09-07:00 Introduction download, convert, and resize the provided kvm-legacy image create a virtual machine and launch it from virt-manager But it\u2019s not immediately clear from the instructions if you can use virt-manager , because they recommend their script which runs qemu-system-x86_64 directly. Which is fine, but maybe you find it easier to customize the options using the virt-manager gui interface. How To Assuming you have libvirt and kvm set up with virt-manager , you can: download the clear-*-legacy-kvm.img.xz verify the checksum extract it unxz clear-*-legacy-kvm.img.xz mv clear-*-legacy-kvm.img.xz /var/lib/libvirt/images/ create a virtual machine in virt-manager using the image There is not an os template for Clear Linux, but Fedora29 works fine for me. As a bonus, virsh console is configured and ready to go. Convert Raw -> Qcow2 and Resize The image has a gpt partition table. I am not sure if that is the reason why, but fdisk does not seem to work for resizing the partition. However, parted works fine. The image download is an 8gb sparse raw image. You may wish to convert that to qcow2 and and resize before creating the virtual machine. Here is how to do that. convert the sparse raw image to qcow2 qemu-img convert -f raw -O qcow2 clear*.img clear.qcow2 resize the image to taste qemu-img resize clear.qcow2 20G create the virtual machine in virt-manager gui boot the virtual machine: virsh start clearvm log in: virsh console clearvm install a bundle which contains parted swupd bundle-add clr-installer expand / partition and file system with parted and resize2fs parted /dev/vda resizepart > Fix/Ignore? Fix > Partition number? 1 > End? [8590MB]? 100% > size2fs /dev/vda1","title":"Clear Linux Guest Virt Manager"},{"location":"posts/clear-linux-guest-virt-manager/#introduction","text":"download, convert, and resize the provided kvm-legacy image create a virtual machine and launch it from virt-manager But it\u2019s not immediately clear from the instructions if you can use virt-manager , because they recommend their script which runs qemu-system-x86_64 directly. Which is fine, but maybe you find it easier to customize the options using the virt-manager gui interface.","title":"Introduction"},{"location":"posts/clear-linux-guest-virt-manager/#how-to","text":"Assuming you have libvirt and kvm set up with virt-manager , you can: download the clear-*-legacy-kvm.img.xz verify the checksum extract it unxz clear-*-legacy-kvm.img.xz mv clear-*-legacy-kvm.img.xz /var/lib/libvirt/images/ create a virtual machine in virt-manager using the image There is not an os template for Clear Linux, but Fedora29 works fine for me. As a bonus, virsh console is configured and ready to go.","title":"How To"},{"location":"posts/clear-linux-guest-virt-manager/#convert-raw-qcow2-and-resize","text":"The image has a gpt partition table. I am not sure if that is the reason why, but fdisk does not seem to work for resizing the partition. However, parted works fine. The image download is an 8gb sparse raw image. You may wish to convert that to qcow2 and and resize before creating the virtual machine. Here is how to do that. convert the sparse raw image to qcow2 qemu-img convert -f raw -O qcow2 clear*.img clear.qcow2 resize the image to taste qemu-img resize clear.qcow2 20G create the virtual machine in virt-manager gui boot the virtual machine: virsh start clearvm log in: virsh console clearvm install a bundle which contains parted swupd bundle-add clr-installer expand / partition and file system with parted and resize2fs parted /dev/vda resizepart > Fix/Ignore? Fix > Partition number? 1 > End? [8590MB]? 100% > size2fs /dev/vda1","title":"Convert Raw -> Qcow2 and Resize"},{"location":"posts/debian-11-nspawn-flutter-integration-test-server/","text":"date: 2021-09-24 Introduction Performance Your Debian Server is way more powerful than your laptop or desktop and flutter integration_tests suck. Ergonomics You have an Android Emulator (or a real device) connected to the machine that you are sitting in front of for reference, and now you can run integration_tests on a different device without having to juggle adb connections on the same machine. Nspawn Tho? Because containers unlike virtual machines access the full power of the host, but nspawn containers are peristent like virtual machines, sparing you the cognitive overhead of dealing with the ephemerality of docker containers and/or of herding cats. And you already have nspawn, it's build into systemd. Even including the (virtual) network interfaces. Documentation Let's face it: setting up an Android Development Environment is a nightmare. So don't just follow this guide; follow this guide a repetition of three times, building your own step-by-step guide for yourself as you go. Your brain will thank you. Host Preparation (Debian 11) install systemd-container and debootstrap enable unprivileged user namespaces echo 'kernel.unprivileged_userns_clone=1' >/etc/sysctl.d/nspawn.conf systemctl restart systemd-sysctl.service you might as well allow debootstrap to user your apt-cacher-ng proxy export http_proxy=http://:3142 br0 bridge describe br0 bridge in /etc/systemd/nspawn/ftest.nspawn (optional). # /etc/systemd/nspawn/ftest.nspawn [Network] VirtualEthernet = yes Bridge = br0 ZFS mountpoint This is optional, obviously; you might not even use zfs. zfs create vm_pool/nspawn/ftest zfs set mountpoint=/var/lib/machines/ftest vm_pool/nspawn/ftest sanity check zfs list -r vm_pool/nspawn bootstrap container # for apt-cacher-ng proxy export http_proxy = http://:3142 debootstrap --include = systemd-container stable /var/list/machines/ftest preboot config delete container's package cache copy /etc/apt/apt.conf to container copy /root/.bashrc to container copy /root/.inputrc to container edit /etc/hostname in container write nspawn file on host copy /etc/locale.gen to /etc/locale.gen.bak on container first interactive boot systemd-nspawn -D /var/lib/machines/ftest -U --machine ftest set passwd: passwd stop container: logout run as service systemctl start systemd-nspawn@ftest login: machinectl login ftest start/enable network systemctl enable --now systemd-networkd add regular user useradd install applications locale install locales edit /etc/locale.gen to taste and then run the command locale-gen essential apps apt-get install openssh-server git unzip wget sudo curl file rsync add regular user to sudo group usermod -a -G sudo other apps apt-get install mosh htop haveged byobu needrestart tree bash-completion install openjdk-8 from stretch repo add following to /etc/apt/sources.list deb http://security.debian.org/debian-security stretch/updates main apt-get update && apt-get install openjdk-8-jdk-headless user environment You can now ssh into your container. scp your favorite environment files over to the container ~/.byobu/ ~/.bashrc ~/.bash_aliases ~/.inputrc install flutter Pick a location to taste; I prefer ~/.local/ cd ; cd .local git clone https://github.com/flutter/flutter.git downgrade flutter if needed: cd ~/.local/flutter git checkout 2 .2.3 install command-line-tools The schuck and jive here is absurd, but here goes. Now is the time to decide where ANDROID_HOME and ANDROID_SDK_ROOT are going to be; I prefer ~/.local/share/Android/Sdk/ mkdir -p ~/.local/share/Android/Sdk temporary installation of cmdline-tools Command line tools only Scroll half way down cd ~/.local/share/Android/Sdk wget https://dl.google.com/android/repository/commandlinetools-linux-7583922_latest.zip unzip commandlinetools-linux-7583922_latest.zip mkdir 5 .0 mv cmdline-tools/* 5 .0/ mv 5 .0 cmdline-tools/ flutter and sdk environment add the following to ~/.bashrc function addToPATH { case \":$PATH:\" in *\":$1:\"*) :;; # already there *) PATH = \"$PATH:$1\";; # or PATH=\"$PATH:$1\" esac } addToPATH ~/.local/flutter/bin addToPATH ~/.local/share/Android/Sdk/cmdline-tools/latest/bin addToPATH ~/.local/share/Android/Sdk/platform-tools # temporary path to temporary version of cmdline-tools addToPATH ~/.local/share/Android/Sdk/cmdline-tools/5.0/bin add the following to ~/.bash_aliases alias sdkmanager = 'sdkmanager --sdk_root=~/.local/share/Android/Sdk' Confirm by logging out and then back in and: which flutter ; which sdkmanager ; alias now install cmdline-tools for real sdkmanager --install \"cmdline-tools;latest\" and then logout and log back in cleanup At this point I think you can remove or comment the temporary PATH statement from ~/.bashrc for the temporary location of cmdline-tools install Android SDK review your options sdkmanager --list and then install them (platform-tools: adb and fastboot will be pulled in automatically) sdkmanager --install \"platforms;android-30\" \\ \"build-tools;31.0.0\" \"build-tools;30.0.3\" confirm flutter installation flutter doctor run tests At this point you shoud be able to rsync a flutter app over to the container, connect to a device using network adb, and run something like: flutter drive --driver integration_test/driver.dart \\ --target integration_test/app_test.dart --profile","title":"Flutter Integration Test Server in Debian 11 Nspawn Container"},{"location":"posts/debian-11-nspawn-flutter-integration-test-server/#introduction","text":"","title":"Introduction"},{"location":"posts/debian-11-nspawn-flutter-integration-test-server/#performance","text":"Your Debian Server is way more powerful than your laptop or desktop and flutter integration_tests suck.","title":"Performance"},{"location":"posts/debian-11-nspawn-flutter-integration-test-server/#ergonomics","text":"You have an Android Emulator (or a real device) connected to the machine that you are sitting in front of for reference, and now you can run integration_tests on a different device without having to juggle adb connections on the same machine.","title":"Ergonomics"},{"location":"posts/debian-11-nspawn-flutter-integration-test-server/#nspawn-tho","text":"Because containers unlike virtual machines access the full power of the host, but nspawn containers are peristent like virtual machines, sparing you the cognitive overhead of dealing with the ephemerality of docker containers and/or of herding cats. And you already have nspawn, it's build into systemd. Even including the (virtual) network interfaces.","title":"Nspawn Tho?"},{"location":"posts/debian-11-nspawn-flutter-integration-test-server/#documentation","text":"Let's face it: setting up an Android Development Environment is a nightmare. So don't just follow this guide; follow this guide a repetition of three times, building your own step-by-step guide for yourself as you go. Your brain will thank you.","title":"Documentation"},{"location":"posts/debian-11-nspawn-flutter-integration-test-server/#host-preparation-debian-11","text":"install systemd-container and debootstrap enable unprivileged user namespaces echo 'kernel.unprivileged_userns_clone=1' >/etc/sysctl.d/nspawn.conf systemctl restart systemd-sysctl.service you might as well allow debootstrap to user your apt-cacher-ng proxy export http_proxy=http://:3142","title":"Host Preparation (Debian 11)"},{"location":"posts/debian-11-nspawn-flutter-integration-test-server/#br0-bridge","text":"describe br0 bridge in /etc/systemd/nspawn/ftest.nspawn (optional). # /etc/systemd/nspawn/ftest.nspawn [Network] VirtualEthernet = yes Bridge = br0","title":"br0 bridge"},{"location":"posts/debian-11-nspawn-flutter-integration-test-server/#zfs-mountpoint","text":"This is optional, obviously; you might not even use zfs. zfs create vm_pool/nspawn/ftest zfs set mountpoint=/var/lib/machines/ftest vm_pool/nspawn/ftest sanity check zfs list -r vm_pool/nspawn","title":"ZFS mountpoint"},{"location":"posts/debian-11-nspawn-flutter-integration-test-server/#bootstrap-container","text":"# for apt-cacher-ng proxy export http_proxy = http://:3142 debootstrap --include = systemd-container stable /var/list/machines/ftest","title":"bootstrap container"},{"location":"posts/debian-11-nspawn-flutter-integration-test-server/#preboot-config","text":"delete container's package cache copy /etc/apt/apt.conf to container copy /root/.bashrc to container copy /root/.inputrc to container edit /etc/hostname in container write nspawn file on host copy /etc/locale.gen to /etc/locale.gen.bak on container","title":"preboot config"},{"location":"posts/debian-11-nspawn-flutter-integration-test-server/#first-interactive-boot","text":"systemd-nspawn -D /var/lib/machines/ftest -U --machine ftest set passwd: passwd stop container: logout","title":"first interactive boot"},{"location":"posts/debian-11-nspawn-flutter-integration-test-server/#run-as-service","text":"systemctl start systemd-nspawn@ftest login: machinectl login ftest start/enable network systemctl enable --now systemd-networkd add regular user useradd ","title":"run as service"},{"location":"posts/debian-11-nspawn-flutter-integration-test-server/#install-applications","text":"","title":"install applications"},{"location":"posts/debian-11-nspawn-flutter-integration-test-server/#locale","text":"install locales edit /etc/locale.gen to taste and then run the command locale-gen","title":"locale"},{"location":"posts/debian-11-nspawn-flutter-integration-test-server/#essential-apps","text":"apt-get install openssh-server git unzip wget sudo curl file rsync","title":"essential apps"},{"location":"posts/debian-11-nspawn-flutter-integration-test-server/#add-regular-user-to-sudo-group","text":"usermod -a -G sudo ","title":"add regular user to sudo group"},{"location":"posts/debian-11-nspawn-flutter-integration-test-server/#other-apps","text":"apt-get install mosh htop haveged byobu needrestart tree bash-completion","title":"other apps"},{"location":"posts/debian-11-nspawn-flutter-integration-test-server/#install-openjdk-8-from-stretch-repo","text":"add following to /etc/apt/sources.list deb http://security.debian.org/debian-security stretch/updates main apt-get update && apt-get install openjdk-8-jdk-headless","title":"install openjdk-8 from stretch repo"},{"location":"posts/debian-11-nspawn-flutter-integration-test-server/#user-environment","text":"You can now ssh into your container. scp your favorite environment files over to the container ~/.byobu/ ~/.bashrc ~/.bash_aliases ~/.inputrc","title":"user environment"},{"location":"posts/debian-11-nspawn-flutter-integration-test-server/#install-flutter","text":"Pick a location to taste; I prefer ~/.local/ cd ; cd .local git clone https://github.com/flutter/flutter.git","title":"install flutter"},{"location":"posts/debian-11-nspawn-flutter-integration-test-server/#downgrade-flutter","text":"if needed: cd ~/.local/flutter git checkout 2 .2.3","title":"downgrade flutter"},{"location":"posts/debian-11-nspawn-flutter-integration-test-server/#install-command-line-tools","text":"The schuck and jive here is absurd, but here goes. Now is the time to decide where ANDROID_HOME and ANDROID_SDK_ROOT are going to be; I prefer ~/.local/share/Android/Sdk/ mkdir -p ~/.local/share/Android/Sdk","title":"install command-line-tools"},{"location":"posts/debian-11-nspawn-flutter-integration-test-server/#temporary-installation-of-cmdline-tools","text":"Command line tools only Scroll half way down cd ~/.local/share/Android/Sdk wget https://dl.google.com/android/repository/commandlinetools-linux-7583922_latest.zip unzip commandlinetools-linux-7583922_latest.zip mkdir 5 .0 mv cmdline-tools/* 5 .0/ mv 5 .0 cmdline-tools/","title":"temporary installation of cmdline-tools"},{"location":"posts/debian-11-nspawn-flutter-integration-test-server/#flutter-and-sdk-environment","text":"add the following to ~/.bashrc function addToPATH { case \":$PATH:\" in *\":$1:\"*) :;; # already there *) PATH = \"$PATH:$1\";; # or PATH=\"$PATH:$1\" esac } addToPATH ~/.local/flutter/bin addToPATH ~/.local/share/Android/Sdk/cmdline-tools/latest/bin addToPATH ~/.local/share/Android/Sdk/platform-tools # temporary path to temporary version of cmdline-tools addToPATH ~/.local/share/Android/Sdk/cmdline-tools/5.0/bin add the following to ~/.bash_aliases alias sdkmanager = 'sdkmanager --sdk_root=~/.local/share/Android/Sdk' Confirm by logging out and then back in and: which flutter ; which sdkmanager ; alias","title":"flutter and sdk environment"},{"location":"posts/debian-11-nspawn-flutter-integration-test-server/#now-install-cmdline-tools-for-real","text":"sdkmanager --install \"cmdline-tools;latest\" and then logout and log back in","title":"now install cmdline-tools for real"},{"location":"posts/debian-11-nspawn-flutter-integration-test-server/#cleanup","text":"At this point I think you can remove or comment the temporary PATH statement from ~/.bashrc for the temporary location of cmdline-tools","title":"cleanup"},{"location":"posts/debian-11-nspawn-flutter-integration-test-server/#install-android-sdk","text":"review your options sdkmanager --list and then install them (platform-tools: adb and fastboot will be pulled in automatically) sdkmanager --install \"platforms;android-30\" \\ \"build-tools;31.0.0\" \"build-tools;30.0.3\"","title":"install Android SDK"},{"location":"posts/debian-11-nspawn-flutter-integration-test-server/#confirm-flutter-installation","text":"flutter doctor","title":"confirm flutter installation"},{"location":"posts/debian-11-nspawn-flutter-integration-test-server/#run-tests","text":"At this point you shoud be able to rsync a flutter app over to the container, connect to a device using network adb, and run something like: flutter drive --driver integration_test/driver.dart \\ --target integration_test/app_test.dart --profile","title":"run tests"},{"location":"posts/debian-11-ttrss/","text":"date: 2021-09-11 Introduction Install tt-rss on Debian 11 the Debian way. Why? Debian packages tt-rss , so unlike instructions you may find elsewhere, you can depend on the Debian Maintainers to look out for security concerns. And it's easier to install this way. And if I may say, tt-rss runs really well. It's been around for many years now, and the smartphones and vps hosts continue getting more powerful. Apache Install apache2 web server: apt install apache2 Lan If you are installing in a virtual machine on your lan, then this is all you need to do; i.e. later after you have finished installing tt-rss, you will find the following in /etc/tt-rss/apache.conf : Alias /tt-rss /usr/share/tt-rss/www Wan If you deploy on a vps, for instance Linode has Debian 11 images, you definitely want to setup Let's Encrypt Certs. Create a virtual host # /etc/apache2/sites-available/005-rss.example.com.conf ServerName rss.example.com ServerAdmin webmaster@localhost DocumentRoot /var/www/html ErrorLog ${APACHE_LOG_DIR}/error.log CustomLog ${APACHE_LOG_DIR}/access.log combined Activate the new virtual host: a2ensite 005-rss.example.com.conf systemctl reload apache2 Certbot install certbot: apt install python3-certbot-apache get certificate certbot --apache -d rss.example.com Verify Certbot Request Your virtual host has been modified. # /etc/apache2/sites-available/005-rss.example.com.conf ServerName rss.example.com ServerAdmin webmaster@localhost DocumentRoot /var/www/html ErrorLog ${APACHE_LOG_DIR}/error.log CustomLog ${APACHE_LOG_DIR}/access.log combined RewriteEngine on RewriteCond %{SERVER_NAME} =rss.example.com RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent] Furthermore, a new virtual host has been created and enabled. # /etc/apache2/sites-available/005-rss.example.com-le-ssl.conf ServerName rss.example.com ServerAdmin webmaster@localhost DocumentRoot /var/www/html ErrorLog ${APACHE_LOG_DIR}/error.log CustomLog ${APACHE_LOG_DIR}/access.log combined SSLCertificateFile /etc/letsencrypt/live/rss.example.com/fullchain.pem SSLCertificateKeyFile /etc/letsencrypt/live/rss.example.com/privkey.pem Include /etc/letsencrypt/options-ssl-apache.conf And you should now have a systemd timer to automatically renew your certs: /etc/systemd/system/timers.target.wants/certbot.timer -> /lib/systemd/system/certbot.timer CatchAll VirtualHost You can prevent apache from responding to incorrect subdomains by adding a CatchAll virtual host and enabling it. # /etc/apache2/sites-available/999-catchall.conf ServerName null ServerAlias * Redirect 404 / ServerName null ServerAlias * Redirect 404 / MariaDB Install mariadb: apt install mariadb-server Setup mariadb: mysql_secure_installation As far as running mysql_secure_installation , I would imagine that you want to remove anonymous users, disallow root login remotely, remove the test database, and reload the privilege table. TT-RSS After installing apache2 and mariadb, install tt-rss: apt install tt-rss . You will be prompted 3 times by dpkg-configure, but it will be obvious what to do. You're done! Open http://examplelanhost/tt-rss or https://rss.example.com/tt-rss , login with the default admin:password and have fun playing with your server. I particularly appreciate the 2fa and opml import. In order to use the Android application check enable API in preferences . All the best blogs still have rss feeds. If you can't find the rss feed for a blog, type Ctrl + U to show page source and look for rss feed url in the head section. Alternately on a mobile phone you can prepend the url with view-source: .","title":"Debian 11 TT-RSS"},{"location":"posts/debian-11-ttrss/#introduction","text":"Install tt-rss on Debian 11 the Debian way.","title":"Introduction"},{"location":"posts/debian-11-ttrss/#why","text":"Debian packages tt-rss , so unlike instructions you may find elsewhere, you can depend on the Debian Maintainers to look out for security concerns. And it's easier to install this way. And if I may say, tt-rss runs really well. It's been around for many years now, and the smartphones and vps hosts continue getting more powerful.","title":"Why?"},{"location":"posts/debian-11-ttrss/#apache","text":"Install apache2 web server: apt install apache2","title":"Apache"},{"location":"posts/debian-11-ttrss/#lan","text":"If you are installing in a virtual machine on your lan, then this is all you need to do; i.e. later after you have finished installing tt-rss, you will find the following in /etc/tt-rss/apache.conf : Alias /tt-rss /usr/share/tt-rss/www","title":"Lan"},{"location":"posts/debian-11-ttrss/#wan","text":"If you deploy on a vps, for instance Linode has Debian 11 images, you definitely want to setup Let's Encrypt Certs.","title":"Wan"},{"location":"posts/debian-11-ttrss/#create-a-virtual-host","text":"# /etc/apache2/sites-available/005-rss.example.com.conf ServerName rss.example.com ServerAdmin webmaster@localhost DocumentRoot /var/www/html ErrorLog ${APACHE_LOG_DIR}/error.log CustomLog ${APACHE_LOG_DIR}/access.log combined Activate the new virtual host: a2ensite 005-rss.example.com.conf systemctl reload apache2","title":"Create a virtual host"},{"location":"posts/debian-11-ttrss/#certbot","text":"install certbot: apt install python3-certbot-apache get certificate certbot --apache -d rss.example.com","title":"Certbot"},{"location":"posts/debian-11-ttrss/#verify-certbot-request","text":"Your virtual host has been modified. # /etc/apache2/sites-available/005-rss.example.com.conf ServerName rss.example.com ServerAdmin webmaster@localhost DocumentRoot /var/www/html ErrorLog ${APACHE_LOG_DIR}/error.log CustomLog ${APACHE_LOG_DIR}/access.log combined RewriteEngine on RewriteCond %{SERVER_NAME} =rss.example.com RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent] Furthermore, a new virtual host has been created and enabled. # /etc/apache2/sites-available/005-rss.example.com-le-ssl.conf ServerName rss.example.com ServerAdmin webmaster@localhost DocumentRoot /var/www/html ErrorLog ${APACHE_LOG_DIR}/error.log CustomLog ${APACHE_LOG_DIR}/access.log combined SSLCertificateFile /etc/letsencrypt/live/rss.example.com/fullchain.pem SSLCertificateKeyFile /etc/letsencrypt/live/rss.example.com/privkey.pem Include /etc/letsencrypt/options-ssl-apache.conf And you should now have a systemd timer to automatically renew your certs: /etc/systemd/system/timers.target.wants/certbot.timer -> /lib/systemd/system/certbot.timer","title":"Verify Certbot Request"},{"location":"posts/debian-11-ttrss/#catchall-virtualhost","text":"You can prevent apache from responding to incorrect subdomains by adding a CatchAll virtual host and enabling it. # /etc/apache2/sites-available/999-catchall.conf ServerName null ServerAlias * Redirect 404 / ServerName null ServerAlias * Redirect 404 / ","title":"CatchAll VirtualHost"},{"location":"posts/debian-11-ttrss/#mariadb","text":"Install mariadb: apt install mariadb-server Setup mariadb: mysql_secure_installation As far as running mysql_secure_installation , I would imagine that you want to remove anonymous users, disallow root login remotely, remove the test database, and reload the privilege table.","title":"MariaDB"},{"location":"posts/debian-11-ttrss/#tt-rss","text":"After installing apache2 and mariadb, install tt-rss: apt install tt-rss . You will be prompted 3 times by dpkg-configure, but it will be obvious what to do. You're done! Open http://examplelanhost/tt-rss or https://rss.example.com/tt-rss , login with the default admin:password and have fun playing with your server. I particularly appreciate the 2fa and opml import. In order to use the Android application check enable API in preferences . All the best blogs still have rss feeds. If you can't find the rss feed for a blog, type Ctrl + U to show page source and look for rss feed url in the head section. Alternately on a mobile phone you can prepend the url with view-source: .","title":"TT-RSS"},{"location":"posts/faster-partitioning-with-sgdisk/","text":"date: 2019-02-11T04:23:52-08:00 Disclaimer If any of this is wrong, let me know so I can fix it. No actual hard drives were harmed in the production of this blog post. The examples are easier to read if you turn your smart phone sideways. Command Line Is Faster Sure you can partition your discs using a GUI disk management application or an interactive, menu-driven terminal interface. But the command line is faster. gdisk vs sgdisk sgdisk is the scriptable version of gdisk (gptfdisk). what the manpage says If you\u2019re familiar with gdisk , you probably know how to interactively set the partition size and type. If you look at the man page for sgdisk you see that the relevant flags are -n and -t . The beginning and ending numbers are absolute, unless you prepend them with a + or - sign, in which case they become relative. # For New Partition: -n, --new=partnum:start:end # Change partition type: -t, --typecode=partnum:{hexcode|GUID} Example with Separate EFI and / Partitions BTW, gdisk is a partitioning tool intended to be used with a gpt partition table, so the assumption is that you would want an efi partition, (although the efi partition does not have to be on the disk you are partitioning or even on the same disk where your other system partitions are). Wipe any leftover filesystem metadata with wipefs. wipefs --all /dev/sdx Create a new GPT partition table. sgdisk /dev/sdx -o Create an efi partition of 512MB by specifying the end of the partition (relative) and the partition type, ef00 . sgdisk /dev/sdx -n 1::+512MiB -t 1:ef00 Create an / partition using the remainder of the disk, by not specifying the end or the beginning or partition type, which defaults to 8300. sgdisk /dev/sdx -n 2 Format the efi partition fat 32. mkfs.vfat -F32 /dev/sdx1 Format the / partition ext4. mkfs.ext4 /dev/sdx2 Practice With A Sparse Image If you don\u2019t want to partition a real hard drive, you can practice using an sparse image file, instead. # create a sparse image file truncate -S 100G practiceImage.img # partition the image file with sgdisk sgdisk practiceImage.img -o # etc Example with Separate /boot, EFI, and luks-encrypted / Partitions Wipe any leftover filesystem metadata with wipefs . wipefs --all /dev/sdx Create a new GPT partition table. sgdisk /dev/sdx -o Create an efi partition of 512MB by specifying the end of the partition (relative) and the partition type, ef00 . sgdisk /dev/sdx -n 1::+512MiB -t 1:ef00 Create a /boot partition of 1GB, by specifying the end of the partition (relative), but not specifying the partition type which defaults to 8300 . sgdisk /dev/sdx -n 2::+1GiB Create an / partition using the remainder of the disk, by not specifying the end or the beginning or partition type, which defaults to 8300 . sgdisk /dev/sdx -n 3 Format the efi partition fat 32. mkfs.vfat -F32 /dev/sdx1 Format the /boot partition ext4. mkfs.ext4 /dev/sdx2 Encrypt the / partition. cryptsetup -y -v luksFormat --type luks2 /dev/sdx3 Decrypt the / device. cryptsetup open /dev/sdx3 cryptroot Format the / device. mkfs.xfs /dev/mapper/cryptroot What About Swap? I prefer to use a swap file inside the luks-encrypted / partition. But you can make a separate swap partition if you like. Example with 2GB swap partition Wipe the disc. wipefs --all /dev/sdx Create a new GPT partition table. sgdisk /dev/sdx -o Create an EFI partition. sgdisk /dev/sdx -n 1::+512MiB -t 1:ef00 Create a /boot partition. sgdisk /dev/sdx -n 2::+1GiB Create a / partition with a relative negative end. sgdisk /dev/sdx -n 3::-2GiB Create a swap partion type 8200 . sgdisk /dev/sdx -n 4 -t 4:8200 format the partitions. mkfs.vfat -F32 /dev/sdx1 mkfs.ext4 /dev/sdx2 mkfs.xfs /dev/sdx3 mkswap /dev/sdx4 Conclusion Good luck to you. Backup your data first. Kind Regards, Trent","title":"Faster Partitioning with Sgdisk"},{"location":"posts/faster-partitioning-with-sgdisk/#disclaimer","text":"If any of this is wrong, let me know so I can fix it. No actual hard drives were harmed in the production of this blog post. The examples are easier to read if you turn your smart phone sideways.","title":"Disclaimer"},{"location":"posts/faster-partitioning-with-sgdisk/#command-line-is-faster","text":"Sure you can partition your discs using a GUI disk management application or an interactive, menu-driven terminal interface. But the command line is faster.","title":"Command Line Is Faster"},{"location":"posts/faster-partitioning-with-sgdisk/#gdisk-vs-sgdisk","text":"sgdisk is the scriptable version of gdisk (gptfdisk).","title":"gdisk vs sgdisk"},{"location":"posts/faster-partitioning-with-sgdisk/#what-the-manpage-says","text":"If you\u2019re familiar with gdisk , you probably know how to interactively set the partition size and type. If you look at the man page for sgdisk you see that the relevant flags are -n and -t . The beginning and ending numbers are absolute, unless you prepend them with a + or - sign, in which case they become relative. # For New Partition: -n, --new=partnum:start:end # Change partition type: -t, --typecode=partnum:{hexcode|GUID}","title":"what the manpage says"},{"location":"posts/faster-partitioning-with-sgdisk/#example-with-separate-efi-and-partitions","text":"BTW, gdisk is a partitioning tool intended to be used with a gpt partition table, so the assumption is that you would want an efi partition, (although the efi partition does not have to be on the disk you are partitioning or even on the same disk where your other system partitions are). Wipe any leftover filesystem metadata with wipefs. wipefs --all /dev/sdx Create a new GPT partition table. sgdisk /dev/sdx -o Create an efi partition of 512MB by specifying the end of the partition (relative) and the partition type, ef00 . sgdisk /dev/sdx -n 1::+512MiB -t 1:ef00 Create an / partition using the remainder of the disk, by not specifying the end or the beginning or partition type, which defaults to 8300. sgdisk /dev/sdx -n 2 Format the efi partition fat 32. mkfs.vfat -F32 /dev/sdx1 Format the / partition ext4. mkfs.ext4 /dev/sdx2","title":"Example with Separate EFI and / Partitions"},{"location":"posts/faster-partitioning-with-sgdisk/#practice-with-a-sparse-image","text":"If you don\u2019t want to partition a real hard drive, you can practice using an sparse image file, instead. # create a sparse image file truncate -S 100G practiceImage.img # partition the image file with sgdisk sgdisk practiceImage.img -o # etc","title":"Practice With A Sparse Image"},{"location":"posts/faster-partitioning-with-sgdisk/#example-with-separate-boot-efi-and-luks-encrypted-partitions","text":"Wipe any leftover filesystem metadata with wipefs . wipefs --all /dev/sdx Create a new GPT partition table. sgdisk /dev/sdx -o Create an efi partition of 512MB by specifying the end of the partition (relative) and the partition type, ef00 . sgdisk /dev/sdx -n 1::+512MiB -t 1:ef00 Create a /boot partition of 1GB, by specifying the end of the partition (relative), but not specifying the partition type which defaults to 8300 . sgdisk /dev/sdx -n 2::+1GiB Create an / partition using the remainder of the disk, by not specifying the end or the beginning or partition type, which defaults to 8300 . sgdisk /dev/sdx -n 3 Format the efi partition fat 32. mkfs.vfat -F32 /dev/sdx1 Format the /boot partition ext4. mkfs.ext4 /dev/sdx2 Encrypt the / partition. cryptsetup -y -v luksFormat --type luks2 /dev/sdx3 Decrypt the / device. cryptsetup open /dev/sdx3 cryptroot Format the / device. mkfs.xfs /dev/mapper/cryptroot","title":"Example with Separate /boot, EFI, and luks-encrypted / Partitions"},{"location":"posts/faster-partitioning-with-sgdisk/#what-about-swap","text":"I prefer to use a swap file inside the luks-encrypted / partition. But you can make a separate swap partition if you like.","title":"What About Swap?"},{"location":"posts/faster-partitioning-with-sgdisk/#example-with-2gb-swap-partition","text":"Wipe the disc. wipefs --all /dev/sdx Create a new GPT partition table. sgdisk /dev/sdx -o Create an EFI partition. sgdisk /dev/sdx -n 1::+512MiB -t 1:ef00 Create a /boot partition. sgdisk /dev/sdx -n 2::+1GiB Create a / partition with a relative negative end. sgdisk /dev/sdx -n 3::-2GiB Create a swap partion type 8200 . sgdisk /dev/sdx -n 4 -t 4:8200 format the partitions. mkfs.vfat -F32 /dev/sdx1 mkfs.ext4 /dev/sdx2 mkfs.xfs /dev/sdx3 mkswap /dev/sdx4","title":"Example with 2GB swap partition"},{"location":"posts/faster-partitioning-with-sgdisk/#conclusion","text":"Good luck to you. Backup your data first. Kind Regards, Trent","title":"Conclusion"},{"location":"posts/instructions-for-tethering-from-phone/","text":"date: 2020-12-17 Instructions Part One Turn off blutooth on computer Turn off blutooth on phone Turn off Wifi on phone Part Two Turn on wifi hotspot or usb tethering Verify! You want to verify that you are connected to your Android hotspot. Android tether is a router that will stand up a subnet of 192.168.43.0/24 for wifi hotspot, and 192.168.42.0/24 for usb tether. On linux open a terminal and type ip addr on Windows open a cmd console and type ipconfig If tethering via wifi hotspot you should see an ipv4 address of 192.168.43.XX If tethering via usb you should see an ipv4 address of 192.168.42.XX ACHTUNG Do Not! DO NOT turn on ethernet tethering you probably don't have the physical equipment available to do that DO NOT turn on blutooth tethering $# ?# DUH!! DO NOT turn on blutooth Your phone's radio hardware already has enough to do, trying to simultaneously maintain an LTE uplink to your mobile carrier and a wifi downlink to your computer DO NOT turn on wifi Don't let your phone try to connect to something that isn't working right now DO NOT forget to turn off blutooth Your phone's radio hardware already has enough to do, trying to simultaneously maintain an LTE uplink to your mobile carrier and a wifi downlink to your computer DO NOT forget to turn off wifi Don't let your phone try to connect to something that isn't working right now Blutooth If you leave blutooth on while trying to tether, your phone could get hot, your battery could go dead, and your hotspot could fail to work properly. Be surprised it it doesn't crash and soft-reboot.","title":"Instruction For Tethering From Phone"},{"location":"posts/instructions-for-tethering-from-phone/#instructions","text":"","title":"Instructions"},{"location":"posts/instructions-for-tethering-from-phone/#part-one","text":"Turn off blutooth on computer Turn off blutooth on phone Turn off Wifi on phone","title":"Part One"},{"location":"posts/instructions-for-tethering-from-phone/#part-two","text":"Turn on wifi hotspot or usb tethering","title":"Part Two"},{"location":"posts/instructions-for-tethering-from-phone/#verify","text":"You want to verify that you are connected to your Android hotspot. Android tether is a router that will stand up a subnet of 192.168.43.0/24 for wifi hotspot, and 192.168.42.0/24 for usb tether. On linux open a terminal and type ip addr on Windows open a cmd console and type ipconfig If tethering via wifi hotspot you should see an ipv4 address of 192.168.43.XX If tethering via usb you should see an ipv4 address of 192.168.42.XX","title":"Verify!"},{"location":"posts/instructions-for-tethering-from-phone/#achtung-do-not","text":"DO NOT turn on ethernet tethering you probably don't have the physical equipment available to do that DO NOT turn on blutooth tethering $# ?# DUH!! DO NOT turn on blutooth Your phone's radio hardware already has enough to do, trying to simultaneously maintain an LTE uplink to your mobile carrier and a wifi downlink to your computer DO NOT turn on wifi Don't let your phone try to connect to something that isn't working right now DO NOT forget to turn off blutooth Your phone's radio hardware already has enough to do, trying to simultaneously maintain an LTE uplink to your mobile carrier and a wifi downlink to your computer DO NOT forget to turn off wifi Don't let your phone try to connect to something that isn't working right now","title":"ACHTUNG Do Not!"},{"location":"posts/instructions-for-tethering-from-phone/#blutooth","text":"If you leave blutooth on while trying to tether, your phone could get hot, your battery could go dead, and your hotspot could fail to work properly. Be surprised it it doesn't crash and soft-reboot.","title":"Blutooth"},{"location":"posts/kvm-on-arch/","text":"date: 2021-10-07 Introduction This is not intended to be a tutorial, but rather a walk-through of how I would install libvirt/kvm on Arch Linux . Packages iptables-nft dnsmasq bridge-utils openbsd-netcat libvirt qemu-headless virt-install virt-install is not needed if connecting remotely with virt-manager, but it does provide virt-clone . Configuration enable libvirtd service systemctl enable libvirtd add user to libvirt group usermod -a -G libvirt environment/bashrc # ~/.bashrc export LIBVIRT_DEFAULT_URI = \"qemu:///system\" reboot the machine Network The default network is defined in /etc/libvirt/qemu/networks/default.xml . Start the default network virsh net-start default . Permanently enable the default network virsh net-autostart default . Jump Host With virt-manager Abstract your jump host in ~/.ssh/config # ~/.ssh/config Host jumphost Hostname Port 22 User Host kvmhost Hostname ProxyJump jumphost Port 22 User Now you can connect virt-manager to @kvmhost Console Access Enable serial console on guest. systemctl enable serial-getty@ttyS0.service Nested KVM I was going to try to figure out how to permantly set the cpu mode default such that all virtualmachines will be capable of nested virtualization, but it already is. Perhaps that is the default in virt-manager now? Anyway, in case you want to make sure nested virtualization is enabled in the host kernel. Clone Ip Address Conflict I found a great tutorial for assigning ip addresses . The problem we need to solve here is that virtual machine clones won't necessarily solicit a unique ip address, although a clone will have a new mac address . So, you clone a vm: virt-clone --original arch --name archone --auto-clone Get the clone's mac address: virsh dumpxml archone | grep mac Now assign the clone a dhcp reservation: virsh net-edit default Notice that I tighten up the dhcp range, and add a reservation outside the new dhcp range. default 8013c9a5-606f-48a0-a3ec-1cf097e76fb1 Restart Default Network virsh net-destroy default virsh net-start default","title":"KVM On Arch"},{"location":"posts/kvm-on-arch/#introduction","text":"This is not intended to be a tutorial, but rather a walk-through of how I would install libvirt/kvm on Arch Linux .","title":"Introduction"},{"location":"posts/kvm-on-arch/#packages","text":"iptables-nft dnsmasq bridge-utils openbsd-netcat libvirt qemu-headless virt-install virt-install is not needed if connecting remotely with virt-manager, but it does provide virt-clone .","title":"Packages"},{"location":"posts/kvm-on-arch/#configuration","text":"enable libvirtd service systemctl enable libvirtd add user to libvirt group usermod -a -G libvirt ","title":"Configuration"},{"location":"posts/kvm-on-arch/#environmentbashrc","text":"# ~/.bashrc export LIBVIRT_DEFAULT_URI = \"qemu:///system\" reboot the machine","title":"environment/bashrc"},{"location":"posts/kvm-on-arch/#network","text":"The default network is defined in /etc/libvirt/qemu/networks/default.xml . Start the default network virsh net-start default . Permanently enable the default network virsh net-autostart default .","title":"Network"},{"location":"posts/kvm-on-arch/#jump-host-with-virt-manager","text":"Abstract your jump host in ~/.ssh/config # ~/.ssh/config Host jumphost Hostname Port 22 User Host kvmhost Hostname ProxyJump jumphost Port 22 User Now you can connect virt-manager to @kvmhost","title":"Jump Host With virt-manager"},{"location":"posts/kvm-on-arch/#console-access","text":"Enable serial console on guest. systemctl enable serial-getty@ttyS0.service","title":"Console Access"},{"location":"posts/kvm-on-arch/#nested-kvm","text":"I was going to try to figure out how to permantly set the cpu mode default such that all virtualmachines will be capable of nested virtualization, but it already is. Perhaps that is the default in virt-manager now? Anyway, in case you want to make sure nested virtualization is enabled in the host kernel.","title":"Nested KVM"},{"location":"posts/kvm-on-arch/#clone-ip-address-conflict","text":"I found a great tutorial for assigning ip addresses . The problem we need to solve here is that virtual machine clones won't necessarily solicit a unique ip address, although a clone will have a new mac address . So, you clone a vm: virt-clone --original arch --name archone --auto-clone Get the clone's mac address: virsh dumpxml archone | grep mac","title":"Clone Ip Address Conflict"},{"location":"posts/kvm-on-arch/#now-assign-the-clone-a-dhcp-reservation","text":"virsh net-edit default Notice that I tighten up the dhcp range, and add a reservation outside the new dhcp range. default 8013c9a5-606f-48a0-a3ec-1cf097e76fb1 ","title":"Now assign the clone a dhcp reservation:"},{"location":"posts/kvm-on-arch/#restart-default-network","text":"virsh net-destroy default virsh net-start default","title":"Restart Default Network"},{"location":"posts/linux-move-cursor-with-keyboard/","text":"date: 2020-06-21T22:01:35-07:00 Introduction Linux just makes everything so easy. On a laptop it can be tricky to place your mouse cursor on exactly the correct pixel, using the touchpad. This became apparent to myself while using GIMP to create some png button files for a little tkinter project, but there must be other use-cases as well. xdo commands for moving the cursor move the cursor one pixel left: xdotool mousemove_relative -- -1 0 move the cursor one pixel right: xdotool mousemove_relative -- 1 0 move the cursor one pixel up: xdotool mousemove_relative -- 0 -1 move the cursor one pixel down: xdotool mousemove_relative -- 0 1 map keyboard shortcuts Now, in your keyboard settings, map the above commands to new custom shortcuts. For instance, I find the Ctrl + Super + Up Ctrl + Super + Down Ctrl + Super + Left Ctrl + Super + Right combinations to be convenient in the Mate Desktop. Enjoy!","title":"Linux Move Cursor With Keyboard"},{"location":"posts/linux-move-cursor-with-keyboard/#introduction","text":"Linux just makes everything so easy. On a laptop it can be tricky to place your mouse cursor on exactly the correct pixel, using the touchpad. This became apparent to myself while using GIMP to create some png button files for a little tkinter project, but there must be other use-cases as well.","title":"Introduction"},{"location":"posts/linux-move-cursor-with-keyboard/#xdo-commands-for-moving-the-cursor","text":"move the cursor one pixel left: xdotool mousemove_relative -- -1 0 move the cursor one pixel right: xdotool mousemove_relative -- 1 0 move the cursor one pixel up: xdotool mousemove_relative -- 0 -1 move the cursor one pixel down: xdotool mousemove_relative -- 0 1","title":"xdo commands for moving the cursor"},{"location":"posts/linux-move-cursor-with-keyboard/#map-keyboard-shortcuts","text":"Now, in your keyboard settings, map the above commands to new custom shortcuts. For instance, I find the Ctrl + Super + Up Ctrl + Super + Down Ctrl + Super + Left Ctrl + Super + Right combinations to be convenient in the Mate Desktop. Enjoy!","title":"map keyboard shortcuts"},{"location":"posts/lmde3-xfs-full-disk-encryption/","text":"date: 2019-01-25T23:25:36-08:00 Introduction Linux Mint Debian Edition is the alternate version of Linux Mint, but built on a Debian base. The result is quite pleasant: the stability of desktop Debian, but with the rough edges polished smooth, nicely configured fonts and ui, and all the multi-media codecs included. Unfortunately, the LMDE 3 installer does not support disk encryption, but manually setting this up by hand is pretty straightforward. On the other hand, manually setting up your partitions by hand allows extra freedom and flexibility, and so I have chosen a simple luks-encrypted / partition formatted xfs. As far as swap is concerned, my preference is to use a swap file instead of a swap partition. Having a swap file instead of a swap partition is more flexible because obviously you can easily recreate a different size swap file whenever you like (or use none at all), and the encryption requires no extra set up because the / partition is encrypted anyway. Will this work with a dual-boot set up? Of course! Because you have to manually configure the partitions anyway, just arrange them exactly how you would need for dual-boot. Assumes uefi-configured boot, with separate partitions for /boot formatted ext4, /boot/efi formatted fat32, and a regular luks-encrypted partition for / formatted xfs. Prepare The Installation Media Visit the Linux Mint Website and download the iso file for LMDE 3 64bit. Download from torrents if possible, to save bandwidth. verify the sha256 sum of the iso file sha256sum lmde-3-201808-cinnamon-64bit.iso Identify the thumb drive you are going to install from. type lsblk , note the output, and then insert the thumb drive then type lsblk again and note the additional output # lsblk /dev/sdb NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT sdb 8:32 1 14.5G 0 disk \u251c\u2500sdb1 8:33 1 3.4G 0 part /media/trent/Debian 9.6.0 amd64 \u2514\u2500sdb2 8:34 1 416K 0 part In the above example output we see that our thumb drive is identified as /dev/sdb , and partition /dev/sdb1 is automatically mounted. Take special care that you have accurately identified the thumb drive before proceeding. For the sake of example, we will proceed on the assumption that our thumb drive is identified as /dev/sdb , but you need to compensate accordingly. unmount any partition of the thumb drive that are automatically mounted umount /dev/sdb1 write the disk image to the thumb drive ddrescue -D --force lmde-3-201808-cinnamon-64bit.iso /dev/sdb Boot The Install Disc boot into bios to disable fastboot and secureboot invoke your machine's device boot menu and boot the install disc in uefi mode confirm that you have booted in uefi mode by listing efivars ls /sys/firmware/efi/vars Partition The Hard Drive If you recall we are assuming the target hard drive is /dev/sda , as an example. So, make adjustments as necessary. If you would rather use a different partition tool, make sure the efi partition is an efi partition type, and you definitely need a separate /boot partition. if needed you can clear the drive with wipefs wipefs --all /dev/sda create a new partition table for /dev/sda sgdisk /dev/sda -o create a new efi partition for /dev/sda sgdisk /dev/sda --new=1::+512MiB --typecode=1:ef00 create a new /boot partition for /dev/sda sgdisk /dev/sda --new=2::+1G create a new / partition for /dev/sda sgdisk /dev/sda --new=3 verify your partition work sgdisk /dev/sda -p format the efi partition mkfs.vfat -F32 /dev/sda1 format the /boot partition mkfs.ext4 /dev/sda2 encrypt the / partition, you will be prompted for a password cryptsetup -y -v luksFormat --type luks2 /dev/sda3 decrypt the / partition, you will be prompted for a password cryptsetup open /dev/sda3 cryptroot format the / device mkfs.xfs /dev/mapper/cryptroot Mount The Hard Drive This takes advantage of expert mode in the LMDE installer. create an /target directory mkdir /target mount the / device at /target mount /dev/mapper/cryptroot /target create an /target/boot directory mkdir /target/boot mount the /boot partition at /target/boot mount /dev/sda2 /target/boot create an /target/boot/efi directory mkdir /target/boot/efi mount the efi partition at /target/boot/efi mount /dev/sda1 /target/boot/efi Run The Installer App At this point you're ready to run the live installer. You can click the disc icon on the desktop. The first three pages of the live-installer cover Language,Timezone, and Keymap. The fourth page of the live-installer covers name, password, and hostname. On the fifth page of the live-installer, you come to a partition configuration page. But there is nothing to do, so select expert mode at the bottom of the page. Again select forward , and when you come to the page where you configure the location to install grub, that should be the efi partition, i.e. /dev/sda1 . Select forward one more time, and then select install. The installation will run for a few minutes and will then pause. During the pause you need to manually configure fstab and crypttab . Configure Fstab find the UUID of the efi partition blkid /dev/sda1 -s UUID find the UUID of the /boot partition blkid /dev/sda2 -s UUID find the UUID of the / device blkid /dev/mapper/cryptroot -s UUID And when you find the correct UUID numbers, use them to configure /etc/fstab which is actually currently at /target/etc/fstab . # /etc/fstab ############### # efi partition # run the command `blkid /dev/sda1 -s UUID` which outputs # /dev/sda1: UUID=\"17C4-215D\", from which derive UUID=17C4-215D /boot/efi vfat defaults 0 2 # /boot partition # run the command `blkid /dev/sda2 -s UUID` which outputs # /dev/sda2: UUID=\"f2509fff-4854-4721-b546-0274c89e6aec\", from which derive UUID=f2509fff-4854-4721-b546-0274c89e6aec /boot ext4 defaults 0 2 # \"/\" device # run the command `blkid /dev/mapper/cryptroot -s UUID` which outputs # /dev/mapper/cryptroot: UUID=\"72241377-cd65-43a6-8363-1afce5bd93f6\", from which derive UUID=72241377-cd65-43a6-8363-1afce5bd93f6 / xfs defaults 0 1 Configure Crypttab But before the file systems can be mounted, crypttab needs to mount /dev/sda3 at /dev/mapper/cryptroot . Configure /etc/crypttab which is actually currently at /target/etc/crypttab find the UUID of the partition that will be mounted at /dev/mapper/crypttab blkid /dev/sda3 -s UUID And when you find the correct UUID number for /dev/sda3 , use that to configure /etc/crypttab which is actually currently at /target/etc/crypttab . # /etc/crypttab # run the command `blkid /dev/sda3 -s UUID` which outputs # /dev/sda3: UUID=\"da3e0967-711f-4159-85ac-7d5743a75201\", from which derive #