https://philpep.org/wiki/ Wed, 10 Jun 2026 22:54:35 +0000 FeedCreator 1.8 https://philpep.org/wiki/lib/tpl/dokuwiki/images/favicon.ico https://philpep.org/wiki/ https://philpep.org/wiki/soft:bind?rev=1563152251&do=diff Bind dns server * <http://www.zytrax.com/books/dns/> very good documentation about dns and bind Configuration options { auth-nxdomain no; recursion no; listen-on-v6 port 53 { any; }; listen-on port 53 { any; }; notify explicit; rate-limit { responses-per-second 10; }; }; anonymous@undisclosed.example.com (Anonymous) soft Mon, 15 Jul 2019 00:57:31 +0000 https://philpep.org/wiki/soft:burp?rev=1563111732&do=diff Burp - backup and restore program BURP is a powerful backup and restore tool. backup lvm snapshots I backup virtual machines from hypervisors using burp and lvm (thin) snapshots. backup_script_pre=/etc/burp/pre_backup.sh backup_script_post=/etc/burp/post_backup.sh anonymous@undisclosed.example.com (Anonymous) soft Sun, 14 Jul 2019 13:42:12 +0000 https://philpep.org/wiki/soft:checkzone?rev=1563146411&do=diff checkzone - A python script checking secondary dns servers You should check your secondary dns servers receive and update zones properly. Here is a small script I wrote which simply request all the NS servers from a given domain and check their serial is equal. The script behave like a nagios compatible check, so you can easily plug into your monitoring systems. anonymous@undisclosed.example.com (Anonymous) soft Sun, 14 Jul 2019 23:20:11 +0000 https://philpep.org/wiki/soft:docker?rev=1633012920&do=diff Docker Docker rootless setup with fuse-overlayfs This is applicable from debian bullseye and use docker-ce packages. $ sudo apt install docker-ce-rootless-extras fuse-overlayfs $ echo "options overlay permit_mounts_in_userns=1" | sudo tee /etc/modprobe.d/overlay2.conf $ sudo systemctl disable --now docker.service docker.socket $ mkdir ~/.config/docker $ echo '{"storage-driver": "fuse-overlayfs"}' > ~/.config/docker/daemon.json $ dockerd-rootless-setuptool.sh check $ dockerd-rootless-setuptoo… anonymous@undisclosed.example.com (Anonymous) soft Thu, 30 Sep 2021 14:42:00 +0000 https://philpep.org/wiki/soft:kubernetes?rev=1576429898&do=diff Kubernetes Install a cluster with kubeadm Complete guide <https://kubernetes.io/docs/setup/production-environment/tools/kubeadm/install-kubeadm/> On Debian stretch: GRUB_CMDLINE_LINUX="cgroup_enable=memory swapaccount=1" sudo update-grub sudo reboot wget https://download.docker.com/linux/debian/gpg -O - | sudo apt-key add - echo "deb [arch=amd64] https://download.docker.com/linux/debian stretch stable" | sudo tee /etc/apt/sources.list.d/docker.list … anonymous@undisclosed.example.com (Anonymous) soft Sun, 15 Dec 2019 17:11:38 +0000 https://philpep.org/wiki/soft:lvm?rev=1570788997&do=diff LVM - Logical volume manager * <https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/logical_volume_manager_administration/index> * <https://wiki.archlinux.org/index.php/LVM> * <https://wiki.gentoo.org/wiki/LVM> * List Physical Volumes: pvs * List Volume Groups: vgs * List Volumes: lvs pvcreate /dev/sdX vgcreate vg0 /dev/sdX Thin volumes It's better to use thin provisioned volumes to have snapshots comes for free (copy on write) and are better for SSDs anonymous@undisclosed.example.com (Anonymous) soft Fri, 11 Oct 2019 10:16:37 +0000 https://philpep.org/wiki/soft:nsd?rev=1563145851&do=diff NSD dns server <https://calomel.org/nsd_dns.html> NSD is lightweight and faster and simpler to configure than bind. It doesn't support dynamic dns update, so in my case I use it as a secondary dns server: apt-get install nsd Here's a config for a secondary dns receiving notify and issuing AXFR transfer using a hmac-sha512 key (symetric secret key shared with the primary server). anonymous@undisclosed.example.com (Anonymous) soft Sun, 14 Jul 2019 23:10:51 +0000 https://philpep.org/wiki/soft:openldap?rev=1573401098&do=diff OpenLDAP * <https://www.openldap.org/doc/admin24/> Installation apt-get install slapd ldap-utils ldapvi By default the server will use cn=config, you can edit it with ldapvi: ldapvi -Y EXTERNAL -h ldapi:// -b cn=config To edit the tree as admin: ldapvi -h ldap://server -D cn=admin,dc=example,dc=com anonymous@undisclosed.example.com (Anonymous) soft Sun, 10 Nov 2019 15:51:38 +0000 https://philpep.org/wiki/soft:pgbouncer?rev=1565205152&do=diff Pgbouncer <https://pgbouncer.github.io/> is a lightweight postgresql connection pooler. Opening postgresql connection will create a new process on the postgresql server, unless you're using a persistent connection you want a connection pooler. transparent authentication * <http://richyen.com/pgbouncer/postgres/2018/11/21/pgbouncer_auth_user.html> anonymous@undisclosed.example.com (Anonymous) soft Wed, 07 Aug 2019 19:12:32 +0000 https://philpep.org/wiki/soft:postgresql?rev=1564003028&do=diff PostgreSQL Configuration * <https://thebuild.com/presentations/not-your-job-pgconf-us-2017.pdf> very good advices for configuration listen_addresses = '*' shared_buffers = 1024MB # ~25% of RAM and maximum at 16G work_mem = 16MB maintenance_work_mem = 128MB synchronous_commit = off # read documentation before using this random_page_cost = 3.0 # if using ssd track_functions = all track_io_timing = on shared_preload_libraries = 'pg_stat_statements' pg_stat_statements.track = all log_min_dur… anonymous@undisclosed.example.com (Anonymous) soft Wed, 24 Jul 2019 21:17:08 +0000 https://philpep.org/wiki/soft:unbound?rev=1563141100&do=diff Unbound dns resolver * <https://calomel.org/unbound_dns.html> good overview of unbound My unbound configuration which focus on security and some privacy regarding my ISP by using cloudflare and quad9 on DNS over TLS. server: verbosity: 1 use-syslog: yes interface: 0.0.0.0 interface: :: access-control: 192.168.31.0/24 allow access-control: 127.0.0.0/8 allow access-control: ::1/128 allow hide-identity: yes hide-version: yes minimal-responses: yes prefetch: yes qname-m… anonymous@undisclosed.example.com (Anonymous) soft Sun, 14 Jul 2019 21:51:40 +0000