Perform resource heavy tasks without slowing down other processes

While researching the best strategy to scrub my BTRFS filesystem I found a nice little trick to prevent a slowdown or a fight over resources. Have a look at this systemd service file from the big boy Linux distribution Archlinux for scrubbing a filesystem:

    [root@homeserver ~]# cat /usr/lib/systemd/system/btrfs-scrub@.service
    [Unit]
    Description=Btrfs scrub on %f
    ConditionPathIsMountPoint=%f
    RequiresMountsFor=%f

    [Service]
    Nice=19
    IOSchedulingClass=idle
    KillSignal=SIGINT
    ExecStart=/usr/bin/btrfs scrub start -B %f

By setting IOSchedulingClass to idle and setting the niceness to 19 (lowest priority), every other operation will take precedence. Read more →

BTRFS RAID5: unrepaired sectors detected

Finding the broken file

While scrubbing my BTRFS RAID 5 filesystem for the first time in four years, the scrub got canceled due to the following error according to dmesg:

    BTRFS error (device sdc1): unrepaired sectors detected, full stripe 15994477215744 data stripe 0 errors 4

This message sounds scary and normally BTRFS should be able to recover the data. Why this did not work will stay unclear for now. I had two or three unclean shutdowns in all these years so maybe I triggered one of the main bugs they always warn you about. Read more →

Telegraf config to query a Tesla Wallbox Gen 3

Here is a sample configuration file to query a Tesla Wallbox Gen 3. It collects wifi, lifetime and vital stats. It's designed around Europe's three phase power grid. Just fill in your desired output block and you should be good to go. Pass in the IP address of your wallbox as an environment variable.

    [agent]
      # Don't stress the little CPU too much by stretching requests
      collection_jitter = "3s"

    [[inputs.http]]
      # Collect wifi stats
      urls = ["http://${WALLBOX_HOST}/api/1/wifi_status"]
      name_override = "wifi"
      tagexclude = ["url", "host"]
      data_format = "json_v2"

    [[inputs.

Read more →

Alternative way to integrate custom logstash filters/plugins

Logstash plays an important part in the Elastic Stack environment. The built-in filters already provide a wide range of functions to manipulate events. In case you need something special you have a few choices. You could for example write inline Ruby code or package it as a gem and make it an official plugin. Do you want to write Ruby code? I for sure don't. The approach I want to talk about is using the http filter. Read more →

Trying out nginx as a load balancer in a container environment

I'm currently playing around with load balancing traffic from a proxy server to multiple worker services. Everything is done in a plain docker environment so I can only use a compose file. This was my first approach:

    ---
    version: '3.9'
    services:
      web:
        image: nginx
        deploy:
          replicas: 4
      proxy:
        image: nginx
        ports:
          - 8080:80
        volumes:
          - type: bind
            source: ./nginx.conf
            target: /etc/nginx/conf.d/default.conf
            read_only: true

This spawns four nginx containers with nothing but the default "it works" page. Read more →

Ansible: Why you should use the assert module instead of failed_when

As an Ansible user you may be familiar with the failed_when clause of a task. Its condition should resolve to a boolean value and determines if it was successful or not. In my backup playbook I have a task creating a tar archive by using the command module. Later on I want to check if an actual POSIX tar archive was created:

    - name: Check if a real tar archive was created
      command: "file /mnt/backups/mail.

Read more →

WireGuard Site2Site VPN Guide

Setting up a site-to-site VPN with WireGuard is pretty easy provided you have some basic WireGuard and IP routing knowledge. The scope of this guide is to provide sample configurations with additional explanations. You still have to use your brain and think about what setup suits you best. This guide also only focuses on the current generation IP protocol IPv6. Legacy IPv4 addressing works exactly the same. This guide is also platform agnostic. Read more →

The one and only OPNsense port forwarding guide you ever need

So you are in the pitiful situation that you need to make an IPv4 legacy system or application reachable but your port forwarding rules are not working? And watching a painfully long 21-minute YouTube video from a bearded guy did not help you in any way? Hold back your tears because you have just found the one and only port forwarding guide for OPNsense. In order for port forwarding to work you need two things: Read more →

BTRFS: Read only filesystem while mounted read write

While doing my monthly backups I got a little bit confused. I found an old backup of an LXC container which was not needed anymore. But I was not able to delete it:

    rm: cannot remove ‘container_backups/XXX/rootfs/var/log/private’: Read-only file system

Checking with mount, the backup filesystem was mounted rw, and dmesg also did not indicate a btrfs problem. Missing privileges were also not an issue as I was logged in as root. Read more →

Running Tor's Snowflake Proxy in Docker

Due to Iran's internet blocking I stumbled over Tor's Snowflake proxy, a pluggable transport plugin based on WebRTC. Snowflake proxies work similarly to Tor's bridge and relay system. The standalone proxy which this post is all about is written in golang. Snowflake proxies are not published, making it harder to block them. User traffic towards the internet never exits the proxy. The last hop is always a Tor exit node. This makes it easy for people to help without having to deal with abuse reports or worse. Read more →