Create SWAP on ZFS ZVOL

Read time < 1 minute

ZFS with its default options is not great for SWAP usage. If you run “Root on ZFS” you want to create a ZVOL with the right options. This means limiting ARC to metadata, disabling L2ARC, forcing sync writes, setting logbias to throughput and disabling autosnapshots. Adjust 8G to the swap size you want. Adjust rpool…

Login Mail Alert Using Rsyslog

Read time < 1 minute

I wanted a way to know who authenticates on my servers. This is especially useful if you work in a team or want to have some additional security in place. Rsyslogd is a service that ships with most distros which processes logs before they are written to disk. We will create a simple script which…

SSH Configuration

Read time 2 minutes

Install SSH Start by installing SSH. Sudo For best practices you should disable root login and create a new user with sudo access. Add the user to the sudo group. Whenever needed you should use sudo to execute binaries with root privileges. To pipe text use sudo in combination with tee. If you know what…

Using Ipsets to Block Tor Anonymity Network

Read time 2 minutes

Besides VPN and SOCKS5 proxies, using the Tor anonymity network to scan servers and run brute force attacks is a common choice. It is especially useful to circumvent rate limiting given that you have easy access to a set of over 1500 IP addresses. So if you have your own rate limiting implementation make sure…

Compile Linux Kernel

Read time 2 minutes

Most Linux distros ship with a longterm kernel that can be quite old. If you happen to buy new hardware the driver support can be troublesome. So in order to get things like network interfaces, wifi, bluetooth, audio etc. working you might have to build the kernel yourself or switch to a rolling release distro.

Postfix Mail Configuration

Read time < 1 minute

By default Linux distros ship with an internal MTA. If you send local mails they land in /var/mail/<user>. If you want to send external mails you have to configure your MTA to use a relay server. Exim was the default for quite some time but has since been replaced with Postfix in many distros. Install…

Copy Files via Shell

Read time < 1 minute

Maybe you are limited and have no SFTP client available or just want a simple fast way to copy some config files from a server. All the tools you need are already installed. To backup the current directory It returns your files compressed and encoded as base64 with owner mappings and file permissions. You can…

APT Upgrade Handling Tweaks

Read time 2 minutes

APT is a great package manager and there are several options to make upgrades more comfortable. Let me introduce some of them. APT Configuration There are several configuration options for apt using /etc/apt/apt.conf.d/ In my case I enabled the periodic update schedule which will automatically update the package list, download upgrades but does not install them and…

APC UPS Setup and Calibration

Read time < 1 minute

Note: This is for a single host setup; if you want to share the UPS see https://herold.space/share-ups-using-nut-on-a-raspberry-pi UPS Setup Install the apcupsd daemon and configure it. UPS Calibration Lead-acid batteries lose capacity over time and after 3 to 5 years they need to be replaced. Therefore it’s important to calibrate them once a year. Before…

Network Overview

Read time 2 minutes

Overview of some services on my network. The setup is fully redundant as a high availability cluster. Driven by open source and powered with renewable energy. Using Terraform, Cloud-init and Ansible for IaC. And K8s, Gitlab, Flux2 and Renovate for GitOps. Network Diagram DMZ Service Description Postfix, Dovecot, SpamAssassin Email Server with DKIM, DMARC, SPF, DANE,…