cat /proc/sys/net/bridge/bridge-nf-call-iptables
sysctl vm.swappiness=0
swapoff -a
Part of collection: Hyper-converged Homelab with Proxmox
After struggling for some days, and since I really needed this to work (ignoring the it can't be done vibe everywhere), I managed to get Docker to work reliable in privileged Debian 12 LXC Containers on Proxmox 8
(Unfortunately, I couldn't get anything to work in unprivileged LXC Containers)
There are NO modifications required on the Proxmox host or the /etc/pve/lxc/xxx.conf
file; everything is done on the Docker Swarm host. So the only obvious candidate who could break this setup, are future Docker Engine updates!
This is a walkthrough of setting up a PXE server to boot Ubuntu server live install .iso over network, all on an OPNsense device. No need for Dnsmasq or http/nfs server! Should be compatible with vanilla FreeBSD and HardenedBSD devices as well.
Guide made with OPNsense 20.7
and Ubuntu 20.04.2
, with the assumption that your OPNsense device is at 192.168.1.1
.
Thanks to all the other guides out there. 1 2
A couple issues I ran into with other guides is that Ubuntu's servers return 404 for older releases. Make sure to check each link used in this guide to make sure they exist! This guide works with BIOS as we use pxelinux.0 but it can be adapted fairly easily for UEFI boot.
Published: 16 December 2022
Reference: https://docs.opnsense.org/manual/how-tos/wireguard-selective-routing.html
Goal: Set up one or more Wireguard connections from ProtonVPN on OPNsense, with policy based routing, and optional Killswitch.
I'm writing this guide first as a reference for my future self for when I inevitably forget how to do this, but also to help others out. I found there were not many guides on this specific configuration, particularly not with multiple concurrent connections, and these were some steps which were not at all obvious. I did begin with the guide in the official OPNsense documentation, but even that was missing info to make ProtonVPN work. If you are a pfSense user, it is very similar to OPNsense, and you should be able to follow along with some success, but I have not tested it myself.
These are instructions for booting from an Ubuntu liveCD and installing NixOS on a machine. I needed to do this because the NixOS liveCD doesn't work on my machine (NixOS/nixpkgs#5829), so I'm just using the Ubuntu installation media as something to boot into.
Much of this is from discussion at NixOS/nixpkgs#14680.
Get the Ubuntu ISO: http://releases.ubuntu.com/16.04.1/ubuntu-16.04.1-desktop-amd64.iso
Write it to a USB drive with unetbootin
ddns-update-style none; | |
deny bootp; #default | |
authoritative; | |
include "/etc/dhcp/ipxe-option-space.conf"; | |
# GREEN (private network) | |
subnet 10.1.1.0 netmask 255.255.255.0 { | |
range 10.1.1.100 10.1.1.199; | |
option subnet-mask 255.255.255.0; |
// ==UserScript== | |
// @name noVNC Paste for Proxmox | |
// @namespace http://tampermonkey.net/ | |
// @version 0.2a | |
// @description Pastes text into a noVNC window (for use with Proxmox specifically) | |
// @author Chester Enright | |
// @match https://* | |
// @include /^.*novnc.*/ | |
// @require http://code.jquery.com/jquery-3.3.1.min.js | |
// @grant none |
Last updated September 21, 2022
This Gist explains how to do this using gpg in a step-by-step fashion. Previously, krypt.co was heavily mentioned, but I've only recently learned they were acquired by Akamai and no longer update their previous free products. Those mentions have been removed.
For using a GUI-based GIT tool such as Tower or Github Desktop, follow the steps here for signing your commits with GPG.
There has been a number of comments on this gist regarding some issues around the pinentry-program and M1 Macs. I've finally gotten a chance to try things out on an M1 and I've updated the documentation in 2-using-gpg.md
to reflect my findings.
programs.starship = { | |
enable = true; | |
settings = { | |
# "$schema" = "https://starship.rs/config-schema.json"; | |
add_newline = true; | |
command_timeout = 500; | |
continuation_prompt = "[∙](bright-black) "; | |
format = "[](0x9A348E)$username$hostname$localip$shlvl$singularity$kubernetes[](fg:0x9A348E bg:0xDA627D)$directory$vcsh[](fg:0xDA627D bg:0xFCA17D)$git_branch$git_commit$git_state$git_metrics$git_status$hg_branch[](fg:0x86BBD8 bg:0x06969A)$docker_context$package$buf[](fg:0xFCA17D bg:0x86BBD8)$c$cmake$cobol$container$daml$dart$deno$dotnet$elixir$elm$erlang$golang$haskell$helm$java$julia$kotlin$lua$nim$nodejs$ocaml$perl$php$pulumi$purescript$python$rlang$red$ruby$rust$scala$swift$terraform$vlang$vagrant$zig$nix_shell$conda$spack$memory_usage$aws$gcloud$openstack$azure$env_var$crystal$custom$sudo$cmd_duration$line_break$jobs$battery[](fg:0x06969A bg:0x33658A)$time$status$shell$character"; | |
right_format = ""; | |
scan_timeout = 30; |
#!/bin/sh | |
if [ "$EUID" -ne 0 ] | |
then echo "This script must be run as root" | |
exit | |
fi | |
if [ "$#" -ne 1 ]; then | |
echo "Usage: ./$0 <path-to-ide" | |
exit 1 |