Issei.space

1Password Linux: fatal: cannot exec '/opt/1Password/op-ssh-sign': No such file or directory

Wed, 24 Jun 2026 08:17:41 +0200

I’m using 1Password to store my SSH keys - recently i noticed that the git sign process started to fail

❯ git commit -m "very important change"
fatal: cannot exec '/opt/1Password/op-ssh-sign': No such file or directory
error:
fatal: failed to write commit object

It turns out, that the op-ssh-sign has been moved from /opt/1Password/op-ssh-sign to /usr/share/1password/op-ssh-sign. After editing the ~/.gitconfig to use the new path, it started working again. What’s weird, is that in the “Configure Commit Signing…” popup, the automatic setup still uses the /opt directory. Not sure on which version precisely i got broken, but it is still broken on 1Password for Linux 8.12.24 (81224034)

High kworker CPU usage on idle linux system

Sun, 22 Mar 2026 18:46:48 +0100

I’m running an HP Z230 SFF as my little homeserver for the last 5 years. It is not the most powerful, but it was energy-efficient enough, and was doing great for the things I’m running on it, so I kept using it. Recently I noticed that despite being idle, the power usage was higher than normal. Normally the power usage with idle workload oscillates around 25-30W, but it was at nearly 60W. On Proxmox I didn’t see that any VM was using much CPU, so I dug deeper. In top on the host, I noticed that only one core was maxed out, and the process kworker/1:3+usb_hub_wq was using a lot of CPU.

After some research on the internet, I first found a suggestion to disable some interrupts: https://unix.stackexchange.com/questions/588018/kworker-thread-kacpid-notify-kacpid-hogging-60-70-of-cpu

But that didn’t fix the issue for me. I didn’t see any high values in the list, and even after disabling the highest one (which had a value of about “120”), it didn’t change anything.

The thing that fixed it for me was unloading the xhci_pci driver using modprobe:

$ modprobe -r xhci_pci
$ dmesg
[...]
[ 183.933736] xhci_hcd 0000:00:14.0: remove, state 4
[ 183.933749] usb usb2: USB disconnect, device number 1
[ 183.934564] xhci_hcd 0000:00:14.0: USB bus 2 deregistered
[ 183.934586] xhci_hcd 0000:00:14.0: remove, state 1
[ 183.934590] usb usb1: USB disconnect, device number 1
[ 183.939166] xhci_hcd 0000:00:14.0: USB bus 1 deregistered

After that, I took a look at top and I didn’t see the kworker again in the list of top CPU usage processes, so I added the driver to the blacklist, as I’m not using USB 3.0 devices on this host.

echo "blacklist xhci_pci" >> /etc/modprobe.d/pve-blacklist.conf

Please note that this behaviour is probably caused by some kind of hardware failure. As this is my test/home server, I’m accepting that fact, but in today’s market, it is pretty hard to find a good deal for a replacement, newer homeserver due to the memory pricing, so good ol’ Haswell with DDR3 will need to live for even longer.

Ref: https://community.frame.work/t/tracking-kworker-stuck-at-near-100-cpu-usage-with-ubuntu-22-04/23053/52

Backblaze B2 Operator for Kubernetes

Sat, 27 Dec 2025 14:32:39 +0100

As you might guess by some of my older entries, I’m a fan of Backblaze B2 object storage.

Some time ago I created my first Kubernetes operator using Operator-SDK in Golang. Before that, I had some experience with python pykube/kopf, but these libraries are pretty much abandoned, so I decided to take a look at the “first party” solution.

I wanted to create Backblaze B2 buckets and keys in the cluster, but I noticed that at the time, there weren’t any operators available, so I created my own. It supports creating buckets and keys with ACL. I know - what a diversity of feature from a storage operator

The operator is open-source and can be found on github.com/mgruszkiewicz/backblaze-operator

How to setup?

Setup should be relatively straightforward, you need:

create application key in your b2 account with correct permissions or use master application key
helm

Creating keys

Creating application keys with specific capabilities/permissions is a bit tricky on Backblaze B2, as it is not possible from the web interface - you need to use the B2 CLI to do that.

First, you need to install the b2 cli, that will depend on the platform you are using. Refer to the official Backblaze documentation on how to do that

then authenticate to your account

b2 account authorize

and finally, we can create a key for operator

b2 key create operator-blog writeKeys,deleteKeys,listBuckets,listAllBucketNames,readBuckets,writeBuckets,deleteBuckets

The output will contain two values, separated by space - the first one will be the application id, the second application key

Setup operator using Helm

helm upgrade --install backblaze-operator backblaze-operator \
 --set credentials.b2ApplicationId="your-application-id" \
 --set credentials.b2ApplicationKey="your-application-key" \
 --set credentials.b2Region="us-west-004" \
 --namespace backblaze-operator --create-namespace \
 --repo https://mgruszkiewicz.github.io/helm-charts

Setup operator in FluxCD repository

If you are using GitOps (and you probably should!) to manage your cluster, you can also easily install the operator using FluxCD HelmReleases. As we will need to pass the Backblaze keys, you will need a way to pass securely the keys to the cluster. In my case I prefer to store the secrets in Vault, and I passed them out to cluster via ExternalSecrets, but the method doesn’t matter - you can use variable substitution or create a secret manually and reference it in values.

First, create the secret with your Backblaze credentials:

kubectl create secret generic backblaze-credentials \
 --from-literal=B2_APPLICATION_ID="your-application-id" \
 --from-literal=B2_APPLICATION_KEY="your-application-key"
 --from-literal=B2_REGION="your-b2-region" \
 --namespace backblaze-operator

Then apply the following FluxCD configuration:

apiVersion: source.toolkit.fluxcd.io/v1
kind: HelmRepository
metadata:
 name: isseispace
 namespace: flux-system
spec:
 interval: 1h
 url: https://mgruszkiewicz.github.io/helm-charts
---
apiVersion: helm.toolkit.fluxcd.io/v2beta1
kind: HelmRelease
metadata:
 name: backblaze-operator
 namespace: backblaze-operator
spec:
 interval: 5m
 chart:
 spec:
 chart: backblaze-operator
 sourceRef:
 kind: HelmRepository
 name: isseispace
 namespace: flux-system
 values:
 credentials:
 secret:
 useSecret: true
 name: backblaze-credential

Creating an example bucket

After a successful operator installation, we can try to create a new Backblaze B2 bucket from our Kubernetes cluster using CRD.

apiVersion: b2.issei.space/v1alpha2
kind: Bucket
metadata:
 name: my-b2-bucket
spec:
 atProvider:
 acl: private

The metadata.name will be used as a bucket name.
Note - to create a bucket with acl: public, you first need to add a payment method to your Backblaze account, otherwise the creation process will fail.

Let’s check the status:

❯ kubectl describe buckets.b2.issei.space my-b2-bucket
Name: my-b2-bucket
Namespace: default
Labels: <none>
Annotations: <none>
API Version: b2.issei.space/v1alpha2
Kind: Bucket
Metadata:
 Creation Timestamp: 2025-12-27T15:55:11Z
 Finalizers:
 bucket.b2.issei.space/finalizer
 Generation: 1
 Resource Version: 762
 UID: 3ed908df-373a-452a-825c-b6215ec9d2a0
Spec:
 At Provider:
 Acl: private
Status:
 At Provider:
 Acl: private
 Reconciled: true
Events:
 Type Reason Age From Message
 ---- ------ ---- ---- -------
 Normal BucketCreated 2m42s bucket-controller Successfully created bucket my-b2-bucket with ACL private

Now let’s create a new application key that has only access to our new bucket

apiVersion: b2.issei.space/v1alpha2
kind: Key
metadata:
 name: my-b2-key
spec:
 atProvider:
 bucketName: my-b2-bucket
 capabilities:
 - deleteFiles
 - listAllBucketNames
 - listBuckets
 - listFiles
 - readBucketEncryption
 - readBucketReplications
 - readBuckets
 - readFiles
 - shareFiles
 - writeBucketEncryption
 - writeBucketReplications
 - writeFiles
 writeConnectionSecretToRef:
 name: new-key

and let’s check the status:

❯ kubectl describe secret new-key
Name: new-key
Namespace: default
Labels: <none>
Annotations: <none>
Type: Opaque
Data
====
AWS_ACCESS_KEY_ID: 25 bytes
AWS_SECRET_ACCESS_KEY: 31 bytes
bucketName: 21 bytes
endpoint: 30 bytes
keyName: 9 bytes

Now you can connect your application to new Backblaze B2 object storage bucket!

For compatibility with apps that expect S3 object storage, the secret is created with AWS S3 named keys.

Exposing service from Runpod.io (and others) to netbird network

Sun, 05 Oct 2025 18:31:27 +0200

Sometimes you need a better GPU for testing - service offerings like runpod.io or salad cloud is cool, for setup a quick docker container for testing, however currently both runpod and salad are missing the ability to setup some kind of sidecar, which would allow user to setup for example a vpn connection to internal network, so you can access the external container from your secure network and not just directly throught the internet.

Both services are offering a public ingress that will automatically route traffic to your containers, however, at least in the case of salad.com, you can only enable authentication by salad API key, which is pretty clunky while working with stuff like comfyui.

As a workaround to missing sidecar feature, you can do something, that is disgureged by pretty much anyone - run multiple processes in one container! This solution is not perfect, and if you can, i would stick to sidecars, however, sometimes you do what you need to do.

In the beginning i mentioned two services - runpod.io and salad.com, however, that method should work everywhere, that you can run your own docker container and define some environmental variables.

Okay, so how to do it?

The modification needed for docker image are not that big. We will be using userspace implementation in the netbird, instead of default kernel one. As a example, i will be using nginx image, however you can use any other image as a base - you just need to define the correct startup command in the start.sh script.

docker Dockerfile


FROM nginx:latest
# Netbird envs
ENV NB_FOREGROUND_MODE=true
ENV NB_USE_NETSTACK_MODE=true
ENV NB_ENABLE_NETSTACK_LOCAL_FORWARDING=true
ENV NB_DAEMON_ADDR=unix://netbird.sock
# Setup netbird
ADD https://github.com/netbirdio/netbird/releases/download/v0.59.2/netbird_0.59.2_linux_amd64.tar.gz /tmp/netbird.tar.gz
RUN cd /tmp/ && tar -xvzf /tmp/netbird.tar.gz && mv netbird /bin/ && chmod +x /bin/netbird
EXPOSE 80
WORKDIR /app
COPY start.sh .
RUN chmod +x /app/start.sh
CMD /app/start.sh

bash start.sh


#!/bin/bash
netbird up --setup-key=$NB_SETUP_KEY --extra-dns-labels $NB_EXTRA_DNS_LABEL &
nginx -g "daemon off;"

What’s going on here?

The trick is pretty simple - we’re running netbird in userspace mode, which doesn’t require kernel modules or special privileges. The NB_USE_NETSTACK_MODE flag tells netbird to use userspace networking instead of trying to create kernel interfaces, which is perfect for restricted container environments.

In the startup script, we launch netbird in the background with the & operator, then start nginx in foreground mode. The netbird process will connect to your netbird network using the setup key you provide, and from that point your container is accessible from other machines in your netbird network.

Setting it up

You’ll need to set two environment variables when launching your container:

NB_SETUP_KEY - your netbird setup key (get it from your netbird dashboard)
NB_EXTRA_DNS_LABEL - optional, but useful for giving your container a nice hostname in the network

For runpod, you can set these in the environment variables section when creating your pod. For salad, add them in the container configuration.

Once the container starts, give it a few seconds for netbird to establish the connection, then you should be able to access your service directly from any other machine in your netbird network - no public internet exposure needed!

Final thoughts

Is this the cleanest solution? Nope. Does it work? Absolutely. Sometimes you just need to get stuff done, and this workaround lets you securely access your GPU workloads without exposing them to the entire internet or dealing with API key authentication in places where it doesn’t make sense.

Just remember - if the platform adds proper sidecar support in the future, migrate to that. But until then, this gets the job done.

ChatGPT on feature phone

Fri, 12 Sep 2025 11:08:01 +0200

Last weekend, I was wondering, how hard it would be to create a app for a featurephone/dumbphone/brick however you want to name it. I never made any application for pre-android era phones and did not have the opportunity. All i know that it can be done in Java. I never actually programmed in java either, but I decided to give it a shot.

Setting up the IDE

I thought that this would take much longer, and I will probably need to create a VM with something like windows xp, however i found a easy to follow tutorial with working download links that helped me setup the environment in less than 30 minutes. I was suprised that it worked without issue even on windows 10. If you also want to setup J2ME environment here is the link to youtube (author disallows playback on external sites :/)

Not sure if all the software in that pack is clean, so for safety reasons i decided to run a VM anyway. Is there a way to setup a environemnt on linux? Probably yes, but personally i just wanted to get going and don’t tinker with 32bit libraries. While researching i found this guide - https://github.com/ading2210/setup-j2me-sdk - maybe it can be useful for someone

Now what?

Okay, so i had a idea that sounded funny to me - what if we could interact with AI on that brick? Nowadays you have phones and computers certified (ekgh copilot plus pc egkh) to run AI, so? Sorry about the clickbait, we actually won’t be inferencing AI model on the device itself, but just using the API. I don’t even want to attempt something like that - i wasn’t even able to find a chipset name for the nokia phones i have in my drawer.

As i never created a app in J2ME, i did some checkup online - it seems like i can just do HTTP request no problem, so let’s try to cook something!

For now, i won’t be building fully fledged GPT chat, just a single message and response.

Issue with networking

as you might expect, the old bricks phone with OS from nearly 20 years ago, will not support modern SSL/TLS protocols - so for the quick demo, i just skipped encryption, as i won’t be transmitting any sensitive informations and will tear it down soon after. I’m sure it is possible to establish a TLS connection, but i just didn’t bother with that.

Instead of crafting my own proxy, i decided to utilize LiteLLM as a gateway - it allows me to connect pretty much any LLM with openai compatible api, create a virtual keys, log requests and responses from underlaying llm models.

Also LiteLLM was helpful for debugging, as i can enable logging of each request and easily validate why it might failed

My next issue was that - of course most of this old phones don’t have WiFi - and i needed to use cellular connection - in Poland the 2G/Edge is still available so that was not a issue, one prepaid sim card later i had internet connection on my phone.

Building the application

Overall, as i mentioned before, i want to keep it as barebones as possible, so we will have just a simple form, and will be crafting json by combining the strings and escape the characters manually. Brutal, but we just want to have some fun :)

I also asked Claude Sonnet 4 about some of this things, and was suprised that it returned me a non-halucinated responses and things that actually worked.

In the end, i was suprised how easy it was to build a simple form based app in J2ME. I’m sure that back in the days, when open source and knowledge sharing on the internet was not that popular (e.g most of the things you will probably learn from a book)

I did published the code in github repository - https://github.com/mgruszkiewicz/j2me-tinyllm

Demo time!

Your browser does not support the video element.

I did speedup the typing part, it was a while since using T9 for daily texting 😅

FYI: My HTTP routes are not visible after migrating from regular docker to docker swarm!!

Sat, 21 Jun 2025 13:19:19 +0200

Recently, during migration from one host to another, we had a idea to run the docker in swarm mode, so i future, when we needed more capacity, we could just add more nodes “without the complexity of kubernetes”. However, after starting the working docker-compose in the docker swarm mode, i noticed that the traefik was not picking up the labels from the containers and i couldn’t really figure out why.

The docker provider was replaced in config file with docker swarm, but it still wasn’t working.

In the end, it was a pretty silly mistake on my part - in regular Docker, you add labels to the containers like that

services:
laravel:
image: mylaravelapp:latest
labels:
- "traefik.enable=true"
- "traefik.http.routers.laravel.rule=Host(`api.my-app.local`)"
[...]

However, in Docker Swarm, labels are defined under deploy section

services:
laravel:
image: mylaravelapp:latest
deploy:
placement:
constraints:
- node.role == manager
labels:
- "traefik.enable=true"
- "traefik.http.routers.laravel.rule=Host(`api.my-app.local`)"
[...]

This took me too long to solve, I hope this blog entry will help someone out

Podłączenie własnego routera Netia ETTH

Sun, 30 Mar 2025 13:38:41 +0200

Ostatnio zmieniłem operatora na Netie, ze względu na oferowanie internetu po ETTH, co pozwala wyeliminować totalnie urządzenie od dostawcy (a nie jak w przypadku np. UPC/Play po DOCSIS gdzie trzeba przestawić ich wspaniałego connectboxa w tryb bridge). Według instrukcji na internecie, również powinienem bez problemu otrzymać dane PPPoE.

W moim przypadku (prawdopodobnie że jest to sieć internetia?), w portalu netiaonline nie miałem podanych danych logowania PPPoE (tak jak to powinno być według instrukcji). Instalator również nie miał przy sobie na umowie tych danych, oraz po sprawdzeniu przez siebie w portalu, również nie mógł uzyskać tych danych. Po kontakcie na infolinii, jedyne co dostałem SMSem, to nieprzydatne dla mnie informacje co do ustawień ADSL, nadal bez danych do logowania.

Zastanawiało mnie że instalator, jedyne co zrobił po przyjściu, to podłączył router i już internet śmigał, co podpowiadało mi, że występuje jedynie filtrowanie po adresie MAC

Metodą prób i błędów, doszedłem do tego, że aby podpiąć swój router do sieci ETTH w takim wypadku należy

sklonować adres MAC WANu z routera który dostaliśmy od operatora (w przypadku Huawei DN8245X6-10, znajduje się od na naklejce od spodu urządzenia)
ustawić dane logowania PPPoE na WAN na:
login: internet
hasło: internet

Po tej operacji, mój mikrotik dostał adres z DHCP - niestety przez ostatnie zmiany w sieci Netii, adres IP zza CGNAT zamist publiczny :(

Plesk default page instead of domain content after enabling Cloudflare proxy

Mon, 24 Feb 2025 17:13:47 +0100

Recently i faced an interesting issue - after enabling Cloudflare proxy on domain hosted on Plesk (with Litespeed webserver, but that is not important), the domain returned Plesk default page instead of the domain, even through in domain logs i could see the requests.

The solution was to enable “Full” SSL/TLS encryption in domain settings on Cloudflare. (on that domain at first it was set to ‘Flexible’)

How NOT to setup a RWX storage for Kubernetes cluster - SMB share on Mikrotik router

Fri, 17 Jan 2025 21:53:32 +0100

Some time ago I decided to setup seperate homelab network in my house, as my previous homelab server is more like a production homeserver which I don’t want to disrupt. It is not much, but I wanted to build something small, energy-efficient and from the parts I already had.

But back to the topic that made me curious - I kinda needed some persistent storage for pods in lab. Then I remembered that the Mikrotik (RB951G-2HnD) router i’m using have a USB port and I saw an option in winbox to create SMB share. I think you can image where it is going.

Setup Kubernetes cluster

For Kubernetes I will be using single-node Talos Linux. Didn’t even used Terraform or anything fancy to deploy it, just created a virtual machine on Proxmox with nocloud image.
What is a Talos Linux? Talos Linux is a minimal, immutable linux distribution that is designed for Kubernetes - it doesn’t even have a SSH, and you do all the configuration over API.

As this writeup is not a tutorial, I will skip setup of Talos Linux, but if i got you interested, take a look on Talos Linux Getting Started guide

The cover picture was kinda a clickbait - for storage I will be using a slow microSD card, as at the time of writing, i didn’t had any USB-powered storage that was stable on my mikrotik (i guess 2,5" SSDs or HDDs might be a bit too power hungry, or my adapters were not compatible with ROS)

I’m not a RouterOS expert, additionally the forum.mikrotik.com at the time of writing was down

but this minor inconvenience will not prevent me from trying anyway.

First, let’s see if our USB drive is detected

[admin@MikroTik] > disk print
Flags: B - BLOCK-DEVICE; M, F - FORMATTING; p - PARTITION
Columns: SLOT, MODEL, SERIAL, INTERFACE, SIZE, FREE, FS
# SLOT MODEL SERIAL INTERFACE SIZE FREE FS
0 B usb1 MXTronics MXT USB Device 130818v01 USB 2.00 480Mbps 7 744 782 336
1 BMp usb1-part1 @1'048'576-7'744'782'336 7 743 733 760 7 518 978 048 ext4

Cool, there is my USB. I pre-formatted this card on my PC to ext4.

[admin@MikroTik] /ip/smb/shares> add name=kube directory=/usb1-part1
[admin@MikroTik] /ip/smb/shares> print
Flags: * - DEFAULT
Columns: NAME, DIRECTORY, MAX-SESSIONS
# NAME DIRECTORY MAX-SESSIONS
;;; default share
0 * pub /pub 10
1 kube /usb-part1 10
[admin@MikroTik] > /ip/smb/shares/enable numbers=1

Next i enabled the SMB and added user

[admin@MikroTik] > /ip/smb/set enabled=yes
[admin@MikroTik] > /ip/smb/set interfaces=bridge
[admin@MikroTik] > /ip/smb/users/add name="cluster" password="pleasedontlook" read-only=no

And i tried to connect to share from my desktop Success!

Setup SMB CSI on Kubernetes

As of CSI driver setup, I just installed the driver using kubectl, following official documentation

Created the StorageClass, statefulset and persistent volume for testing aaand…

csi-provisioner Mounting command: mount
csi-provisioner Mounting arguments: -t cifs -o dir_mode=0777,file_mode=0777,uid=1001,gid=1001,<masked> //192.168.200.1/kube /tmp/pvc-873655b4-c46b-4ef8-95db-7fa00a603be6
csi-provisioner Output: mount error(95): Operation not supported
csi-provisioner Refer to the mount.cifs(8) manual page (e.g. man mount.cifs) and kernel log messages (dmesg)
csi-provisioner >

oh. In Talos console i can see, more specific error

kern: info: [2025-01-15T22:18:38.016242704Z]: CIFS: Attempting to mount \\192.168.200.1\kube
kern: err: [2025-01-15T22:18:38.026805704Z]: CIFS: VFS: \\192.168.200.1 Dialect not supported by server. Consider specifying vers=1.0 or vers=2.0 on mount for accessing
older servers

So in smb StorageClass I added

mountOptions:
- vers=2.0
[...]

and look!

❯ kubectl get pvc
NAME STATUS VOLUME CAPACITY ACCESS MODES STORAGECLASS VOLUMEATTRIBUTESCLASS AGE
storage-test-0 Bound pvc-873655b4-c46b-4ef8-95db-7fa00a603be6 2Gi RWO smb <unset> 18m
❯ kubectl get pv
NAME CAPACITY ACCESS MODES RECLAIM POLICY STATUS CLAIM STORAGECLASS VOLUMEATTRIBUTESCLASS REASON AGE
pvc-873655b4-c46b-4ef8-95db-7fa00a603be6 2Gi RWO Delete Bound default/storage-test-0 smb <unset> 2m41s

we got our PV on smb share provisioned!

Now let’s enter the pod and do some basic tests. As i never used SMB CSI driver before, i was surprised that in mount i can see the whole path to smb server, but that makes sense.

/ # mount
[...]
//192.168.200.1/kube/pvc-873655b4-c46b-4ef8-95db-7fa00a603be6 on /mnt type cifs (rw,relatime,vers=2.0,cache=strict,username=cluster,uid=1001,noforceuid,gid=1001,noforcegid,addr=192.168.200.1,file_mode=0777,dir_mode=0777,soft,nounix,serverino,mapposix,rsize=65536,wsize=65536,bsize=1048576,echo_interval=60,actimeo=1,closetimeo=1)

Testing out our monstrosity

Let’s at first point out all the bottlenecks

Using MicroSD card (class 4) in USB adapter
Using not that powerful routerboard
Using CIFS (+on linux)

Random Read

As the first test, i used fio to perform random read

/mnt # fio --name=randread --ioengine=libaio --iodepth=16 --rw=randread --bs=4k --direct=0 --size=100M --numjobs=4 --runtime=240 --group_reporting
randread: (g=0): rw=randread, bs=(R) 4096B-4096B, (W) 4096B-4096B, (T) 4096B-4096B, ioengine=libaio, iodepth=16
...
fio-3.38
Starting 4 processes
randread: Laying out IO file (1 file / 100MiB)
randread: Laying out IO file (1 file / 100MiB)
randread: Laying out IO file (1 file / 100MiB)
randread: Laying out IO file (1 file / 100MiB)
Jobs: 4 (f=4): [r(4)][100.0%][r=1893KiB/s][r=473 IOPS][eta 00m:00s]
randread: (groupid=0, jobs=4): err= 0: pid=26: Wed Jan 15 22:38:23 2025
read: IOPS=382, BW=1531KiB/s (1567kB/s)(359MiB/240006msec)
slat (usec): min=1159, max=600406, avg=8302.61, stdev=5622.61
clat (usec): min=8, max=905809, avg=124681.33, stdev=28987.76
lat (msec): min=6, max=912, avg=132.98, stdev=30.01
clat percentiles (msec):
| 1.00th=[ 106], 5.00th=[ 110], 10.00th=[ 112], 20.00th=[ 115],
| 30.00th=[ 117], 40.00th=[ 120], 50.00th=[ 122], 60.00th=[ 125],
| 70.00th=[ 128], 80.00th=[ 132], 90.00th=[ 138], 95.00th=[ 144],
| 99.00th=[ 159], 99.50th=[ 186], 99.90th=[ 684], 99.95th=[ 869],
| 99.99th=[ 894]
bw ( KiB/s): min= 56, max= 2408, per=100.00%, avg=1926.10, stdev=42.95, samples=1526
iops : min= 14, max= 602, avg=481.48, stdev=10.73, samples=1526
lat (usec) : 10=0.01%, 20=0.01%, 50=0.01%
lat (msec) : 10=0.01%, 20=0.01%, 50=0.02%, 100=0.10%, 250=99.59%
lat (msec) : 500=0.15%, 750=0.03%, 1000=0.09%
cpu : usr=0.13%, sys=0.65%, ctx=103998, majf=0, minf=102
IO depths : 1=0.1%, 2=0.1%, 4=0.1%, 8=0.1%, 16=99.9%, 32=0.0%, >=64=0.0%
submit : 0=0.0%, 4=100.0%, 8=0.0%, 16=0.0%, 32=0.0%, 64=0.0%, >=64=0.0%
complete : 0=0.0%, 4=100.0%, 8=0.0%, 16=0.1%, 32=0.0%, 64=0.0%, >=64=0.0%
issued rwts: total=91847,0,0,0 short=0,0,0,0 dropped=0,0,0,0
latency : target=0, window=0, percentile=100.00%, depth=16
Run status group 0 (all jobs):
READ: bw=1531KiB/s (1567kB/s), 1531KiB/s-1531KiB/s (1567kB/s-1567kB/s), io=359MiB (376MB), run=240006-240006msec

During the test, i saw around 60% of CPU utilization on router, so actually we might not be yet bottlenecked by router. I’m actually quite suprised by the IOPS number

Random Read/Write

/mnt # fio --randrepeat=1 --ioengine=libaio --gtod_reduce=1 --name=test --filename=random_read_write.fio --bs=4k --iodepth=64 --size=100M --readwrite=randrw --rwmixread=75
test: (g=0): rw=randrw, bs=(R) 4096B-4096B, (W) 4096B-4096B, (T) 4096B-4096B, ioengine=libaio, iodepth=64
fio-3.38
Starting 1 process
Jobs: 1 (f=1): [f(1)][100.0%][eta 00m:00s]
test: (groupid=0, jobs=1): err= 0: pid=35: Wed Jan 15 22:43:11 2025
read: IOPS=180, BW=722KiB/s (739kB/s)(75.1MiB/106574msec)
bw ( KiB/s): min= 8, max= 2280, per=100.00%, avg=1046.69, stdev=887.64, samples=147
iops : min= 2, max= 570, avg=261.67, stdev=221.92, samples=147
write: IOPS=59, BW=239KiB/s (245kB/s)(24.9MiB/106574msec); 0 zone resets
bw ( KiB/s): min= 7, max= 824, per=100.00%, avg=407.48, stdev=284.06, samples=125
iops : min= 1, max= 206, avg=101.86, stdev=71.02, samples=125
cpu : usr=0.18%, sys=1.80%, ctx=21840, majf=0, minf=7
IO depths : 1=0.1%, 2=0.1%, 4=0.1%, 8=0.1%, 16=0.1%, 32=0.1%, >=64=99.8%
submit : 0=0.0%, 4=100.0%, 8=0.0%, 16=0.0%, 32=0.0%, 64=0.0%, >=64=0.0%
complete : 0=0.0%, 4=100.0%, 8=0.0%, 16=0.0%, 32=0.0%, 64=0.1%, >=64=0.0%
issued rwts: total=19233,6367,0,0 short=0,0,0,0 dropped=0,0,0,0
latency : target=0, window=0, percentile=100.00%, depth=64
Run status group 0 (all jobs):
READ: bw=722KiB/s (739kB/s), 722KiB/s-722KiB/s (739kB/s-739kB/s), io=75.1MiB (78.8MB), run=106574-106574msec
WRITE: bw=239KiB/s (245kB/s), 239KiB/s-239KiB/s (245kB/s-245kB/s), io=24.9MiB (26.1MB), run=106574-106574msec

yeah, not that surprising.

Real-world application test?

I really wanted to make a benchmark using Postgres pgbench, but Postgres will just hang on creating initial data, so i gave up. I think we already know how good it would perform with the current setup.

End words

Actually, the setup process on both RouterOS and Kubernetes part was pretty painless and i didn’t even need to spend multiple hours on troubleshooting. Would I recommended that setup for file storage on PVC? Definitely not, but in a pinch, it might actually be useful as a shared storage for e.g. small configuration files that need R/W access (otherwise just use configmaps).

References

https://learningbytutz.blogspot.com/2019/12/adding-hard-drive-to-mikrotik_25.html https://dotlayer.com/how-to-use-fio-to-measure-disk-performance-in-linux/

MicroSD Card not visible on boot in linux

Fri, 23 Aug 2024 19:37:07 +0200

I’m still using my chromebook with coreboot as a portable thinclient. Due to small built-in storage (only 16GB), i’m also using microSD card as a secondary storage for larger files and project. However i was strugeling with microSD card not being mounted at boot (waiting for device), my solution was to just physically eject and insert the card at boot, but it is pretty inconvient and is probably destroying the card pins.

The solution

The solution was to create a systemd unit, that will run on boot before local-fs.target

# /etc/systemd/system/rescan-sd-card.service
[Unit]
Description=Remove and rescan MMC and PCI devices before mounting filesystems
DefaultDependencies=no
Before=local-fs.target
[Service]
Type=oneshot
ExecStart=/bin/sh -c 'echo 1 > /sys/class/mmc_host/mmc0/device/remove'
ExecStartPost=/bin/sh -c 'echo 1 > /sys/class/pci_bus/0000:00/rescan'
RemainAfterExit=yes
[Install]
WantedBy=local-fs.target

Note: check if on your device the sdcard is also mmc0 - you can check it just by looking at lsblk.

After creating the file at /etc/systemd/system/rescan-sd-card.service, we need to enable it

sudo systemctl enable rescan-sd-card.service

And now, on boot, the system will ‘remove’ the mmc device, and rescan pci bus. That solved the issue and now my OS is booting without user intervention.

Reference

https://unix.stackexchange.com/questions/710377/microsd-card-not-found-at-boot-time-works-when-ejected-and-reinserted

Solving issue with K3s System Upgrade exec /bin/upgrade.sh: exec format error

Fri, 02 Aug 2024 22:37:07 +0200

Recently, I was trying to upgrade my toy K3s cluster using System Upgrade Plans operator. Applied example manifest, control-plane upgraded without issues, but pod for upgrading worker node was constantly restarting with error in logs exec /bin/upgrade.sh: exec format error. I would kinda expect that issue on ARM system (although we come a long way in the last couple of years!), but my nodes are running on x86 CPU, so what is happening?

My troubleshooting steps

Try to define image version with correct architecture

Looking at image manifest, it is a multi-arch image, so maybe we are pulling the wrong image (or there was an error on release)? I noticed that rancher is pushing single-arch images as well, so just in case I tried to define image for specific architecture (amd64)

apiVersion: upgrade.cattle.io/v1
kind: Plan
metadata:
name: plan-k3s-agent-upgrade
namespace: system-upgrade
spec:
[...]
upgrade:
image: rancher/k3s-upgrade:v1.30.3-k3s1-amd64

The issue still persisted.

Restarting node

In my case, my K3s nodes are virtual machines running on Proxmox hosts, so I just tried to reboot the VM, but it didn’t change anything. I had a couple of PVC on that node which were using openebs-hostpath storage, so I didn’t want to go straight to nuclear option (but kinda recommended option) to just delete old node and replace it with brand new one.

Prune images on node

Maybe at first we pulled an image for a wrong architecture? Decided to prune unused images from that node, just to be safe.

root@k3s-2:~# crictl rmi --prune
Deleted: docker.io/rancher/k3s-upgrade:v1.30.3-k3s1

And after restarting the system upgrade operator, the update proceeded without issues, and both of my nodes were happily on v1.30.3.

➜ kg nodes
NAME STATUS ROLES AGE VERSION
k3s-1 Ready control-plane,etcd,master 138d v1.30.3+k3s1
k3s-2 Ready <none> 138d v1.30.3+k3s1

The fix in this case was pretty straight-forward, but maybe my troubleshooting steps will help someone in the future.

Własny zdecentralizowany Reddit, czyli jak stworzyć własną instancje Lemmy używając Dockera

Tue, 16 Apr 2024 20:00:00 +0200

W tym wpisie postaram się przybliżyć proces instalacji własnej instancji Lemmiego oraz opisać czym jest ten cały fediverse.

Czym jest Lemmy?

Lemmy to zdecentralizowany odpowiednik Reddita/agregatora linków/forum. Istnieje podział na community, możliwość upvote/downvote oraz komentowania postów.

Czym jest ten fediverse?

Fediverse (Fediwersum) to w skrócie zbiór zdecentralizowanych serwisów społecznościowych które korzystają z ustandaryzowanego protokołu do komunikacji z sobą. Działaniem bardzo przypomina email - czyli przykładowo posiadając skrzynkę pocztową na gmailu, możemy bez problemu pisać i odbierać maile od użytkownika o2 - tak samo jest tutaj, np. jeżeli ktoś opublikuje wpis na Lemmy, to inny użytkownik który np. używa Mastodon, zobaczy ten post oraz może z nim prowadzić interakcje. Plusem fediverse jest to, że nie ma jednego centralnego serwera.


Ten sam post z community !linux@lemmy.ml widoczny na lemmy.ml oraz sh.itjust.works

Po co tworzyć własną instancje?

Jeżeli chcesz tylko spróbować fediverse, nie musisz tworzyć własnej instancji - najlepiej znaleźć instancje która ma otwartą rejestrację lub poprosić o dostęp. Jest wiele list instancji np. joinfediverse.wiki lub fediverse.to.

Tworzenie własnej instancji ma sens, jeżeli:

chcesz prowadzić większe community i mieć nad nim pełną kontrolę
chcesz mieć niezależną, prywatną instancje, za którą odpowiadasz tylko Ty

Co jest potrzebne do stworzenia własnej instancji?

Do stworzenia własnej instancji nie potrzeba dużo - potrzebujesz tylko domeny (lub subdomeny) oraz serwer z wyjściem na świat (otwartym portem 80/443). Lemmy nie wymaga dużo zasobów, ja moją małą instancje hostuje na serwerze z 2vCPU, 2GB RAM oraz 20GB dysku. Łącze nie ma dużego znaczenia, dla paru osób nawet 5Mb/s uploadu prawdopodobnie wystaczą.

Instalacja Lemmy

Do stworzenia instancji Lemmy wykorzystam Dockera, ponieważ to najprostsza metoda instalacji oraz aktualizacji, dodatkowo nie ma większego znaczenia z jakiego systemu operacyjnego korzystasz na hoście. Ten tutorial będzie przedstawiał kroki na Debianie.

Zainstaluj Dockera W zależności od systemu operacyjnego, będzie się to trochę różniło. Najlepiej będzie przejrzeć oficjalną dokumentacje Dockera jak zainstalować Docker Engine na systemie który wybrałeś.

Przykład na Debianie/Ubuntu
```
sudo apt update
sudo apt install docker docker-compose
```
Utwórz folder pod pliki Aby zachować porządek, utworzymy folder w katalogu domowym gdzie będziemy trzymać wszystkie elementy lemmy - w zależności od konfiguracji dysków lub preferencji, możesz go również utworzyć w innym miejscu.
```
mkdir ~/lemmy
mkdir ~/lemmy/volumes
```

Utwórz docker-compose Lemmy dzieli się na pięć (lub cztery jeżeli chcemy wykorzystać oddzielne reverse proxy) elementy:

Lemmy - główna aplikacja która serwuje API oraz obsługuje wymianę informacji
Lemmy-ui - kontener z interfejsem webui do interakcji z instancją
pict-rs - usługa do przechowywania obrazków na instancji
Postgres - baza danych
Nginx - jako reverse proxy które kieruje ruch do odpowiednich kontenerów - jest on opcjonalny jeżeli mamy już inne reverse proxy wystawione w sieci.

Na czas pisania tego poradnika, najnowsza stabilna wersja Lemmy to 0.19.3 - sprawdź czy na Githubie nie ma dostępnej nowszej wersji.

# docker-compose.yml
version: "3.7"

x-logging: &default-logging
 driver: "json-file"
 options:
 max-size: "50m"
 max-file: "4"

services:
 proxy:
 image: nginx:1-alpine
 ports:
 # You could use port 80 if you won't use a reverse proxy
 - "8536:8536"
 volumes:
 - ./nginx.conf:/etc/nginx/nginx.conf:ro,Z
 restart: unless-stopped
 depends_on:
 - pictrs
 - lemmy-ui
 logging: *default-logging

 lemmy:
 image: dessalines/lemmy:0.19.3
 hostname: lemmy
 restart: always
 logging: *default-logging
 volumes:
 - ./lemmy.hjson:/config/config.hjson:Z
 depends_on:
 - postgres
 - pictrs

 lemmy-ui:
 image: dessalines/lemmy-ui:0.19.3
 environment:
 - LEMMY_UI_LEMMY_INTERNAL_HOST=lemmy:8536
 - LEMMY_UI_LEMMY_EXTERNAL_HOST=your-domain.tld
 - LEMMY_UI_HTTPS=true
 volumes:
 - ./volumes/lemmy-ui/extra_themes:/app/extra_themes:Z
 depends_on:
 - lemmy
 restart: always
 logging: *default-logging

 pictrs:
 image: docker.io/asonix/pictrs:0.5.4
 # this needs to match the pictrs url in lemmy.hjson
 hostname: pictrs
 # we can set options to pictrs like this, here we set max. image size and forced format for conversion
 # entrypoint: /sbin/tini -- /usr/local/bin/pict-rs -p /mnt -m 4 --image-format webp
 user: 991:991
 volumes:
 - ./volumes/pictrs:/mnt:Z
 restart: always
 logging: *default-logging
 deploy:
 resources:
 limits:
 memory: 690m

 postgres:
 image: docker.io/postgres:15-alpine
 hostname: postgres
 environment:
 - POSTGRES_USER=lemmy
 - POSTGRES_PASSWORD=password
 - POSTGRES_DB=lemmy
 volumes:
 - ./volumes/postgres:/var/lib/postgresql/data:Z
 restart: always
 shm_size: 1g
 logging: *default-logging

Podmień your-domain.tld we wszystkich miejscach na prawdziwą domenę.

Utwórz plik konfiguracyjny lemmy oraz nginx W folderze w którym utworzyłeś docker-compose.yml, utwórz plik lemmy.hjson - jest to główny plik konfiguracyjny lemmy, gdzie skonfigurujemy dane dostępowe do bazy danych, pict-rs, hostname oraz opcjonalne dane SMTP.

W podstawowej konfiguracji, jedyną rzeczą jaką należy tutaj zmienić, jest hostname (powinien odpowiadać domenie pod którą chcesz wystawić instancję) oraz pictrs.api_key (powinien się pokrywać z api_key zdefiniowanym w docker-compose)
```
# lemmy.hjson
{
 # for more info about the config, check out the documentation
 # https://join-lemmy.org/docs/en/administration/configuration.html

 database: {
 # name of the postgres database for lemmy
 database: "lemmy"
 # username to connect to postgres
 user: "lemmy"
 # password to connect to postgres
 password: "password"
 # host where postgres is running
 host: "postgres"
 # port where postgres can be accessed
 port: 5432
 # maximum number of active sql connections
 pool_size: 5
 }
 hostname: "your-domain.tld"
 pictrs: {
 url: "http://pictrs:8080/"
 api_key: "randomApiToken"
 # If you have a instance only for couple of people, you might want to disable image caching
 # from other instances
 cache_external_link_previews: false
 }
}
```
Dla bezpieczeństwa, sugeruję zmienić domyślne dane, np. hasło do bazy postgres oraz apiKey do pictrs.
Zajrzyj na join-lemmy.org/docs/administration/configuration.html aby dowiedzieć się o reszcie dostępnych opcjach konfiguracjnych.

Pobierz przykładową konfiguracje nginx
```
wget https://raw.githubusercontent.com/LemmyNet/lemmy/1596aee724339c7112d5efa42fa37e838e87d93c/docker/nginx.conf -O ~/lemmy/nginx.conf
```
Jeżeli masz inne reverse proxy, możesz pozbyć się kontenera proxy z docker-compose i wykorzystać ten nginx.conf jako baza.

Aby federacja działała poprawnie, potrzebujemy mieć SSL, np. za pomocą LetsEncrypt, w zależności od tego jak chcesz wystawić Lemmy (za reverse proxy, wykorzystać nginx w docker-compose jako główny), musisz odpowiednio zmodyfikować konfiguracje nginx.

Ustaw poprawne uprawnienia dla volumes

mkdir -p ~/lemmy/volumes/pictrs
mkdir -p ~/lemmy/volumes/postgres
# Set owner to user defined in pictr
sudo chown -R 991:991 volumes/pictrs

Uruchom docker-compose

docker-compose up -d


Po chwili interfejs lemmy-ui powinien być dostępny - powineneś mieć opcje aby założyć konto administratora oraz opcje konfiguracyjne site, jak nazwa, opis, czy instancja ma mieć otwartą rejestrację oraz ustawienia federacji.

Domyślnie nie musisz zmieniać żadnych opcji federacji, sugeruję zostawić Registration Mode na Require registration application, aby nasza instancja nie została źródłem spamu

Następnie powinniśmy już mieć możliwość subskrybowania społeczności 🎉

Znajdowanie społeczności
Domyślnie nie będziesz widział żadnych społeczności - musisz je najpierw znaleźć - do znajdowania społeczności Lemmy możesz wykorzystać Lemmy Explorer Skopiuj link do społeczności (przykładowo !nazwa@instacja.tld), przejdź do wyszukiwarki na swojej instancji Lemmy i wyszukaj społeczność. Możliwe że za pierwszym razem od razu twoja instancja nie pokaże wyszukiwanej społeczności, spróbuj ponownie kliknąć na wyszukiwanie.

Następnie przejdź do społeczności i ją zasubskrybuj, po pewnym czasie na twojej instancji powinny się pokazywać posty z danej społeczeności.

Jeżeli po dłuższym czasie nadal nie pojawiają ci się posty z instancji zewnętrznych, sprawdź logi nginx, oraz czy na pewno twoja instancja jest poprawnie dostępna z internetu/posiada poprawnie skonfigurowane HTTPS

Cover background: Pawel Czerwinski on unsplash

Setup proxmox-csi-driver in K3S Kubernetes Cluster using FluxCD

Tue, 16 Jan 2024 21:24:07 +0200

Currently, I have small, two-node sandbox k3s cluster on my Proxmox homeserver. It is great for testing new things in Kubernetes ecosystem, but currently i’m missing one thing that is pretty awesome on “real” cloud environments with managed Kubernetes services - additional persistent volumes. Of course, I can use local-path to get persistent storage in my cluster, but it would be cool to attach separate virtual disks per pod. That’s when i found proxmox-csi-driver.

Proxmox-csi-driver is developed by Serge Logvinov. It is a opensource CSI driver for Proxmox, you can find it on GitHub

Create proxmox user for driver

First, login to your Proxmox host via SSH or using WebUI Console, and create seperate user that we will utilize for interacting from Kubernetes

root@ashe:~# pveum role add CSI -privs "VM.Audit VM.Config.Disk Datastore.Allocate Datastore.AllocateSpace Datastore.Audit"
root@ashe:~# pveum user add kubernetes-csi@pve
root@ashe:~# pveum aclmod / -user kubernetes-csi@pve -role CSI
root@ashe:~# pveum user token add kubernetes-csi@pve csi -privsep 0
┌──────────────┬──────────────────────────────────────┐
│ key │ value │
╞══════════════╪══════════════════════════════════════╡
│ full-tokenid │ kubernetes-csi@pve!csi │
├──────────────┼──────────────────────────────────────┤
│ info │ {"privsep":"0"} │
├──────────────┼──────────────────────────────────────┤
│ value │ 1d22d441-2115-4dx4-9e43-144c1ssdd12e │
└──────────────┴──────────────────────────────────────┘

Save the secret token for later. Also make sure, that your Kubernetes nodes have ‘VirtIO SCSI Single’ as their SCSI Controllers.

Label kubernetes nodes

For driver to work correctly (attach disks to appropriate k8s node), we need to add labels

topology.kubernetes.io/region can be arbitrary, but it needs to match with config, i will use default Region-1

topology.kubernetes.io/zone should be set to Proxmox node name

Author suggest utilizing his another tool https://github.com/sergelogvinov/proxmox-cloud-controller-manager, but currently, I will just add labels with the non-automatic way

➜ k label node/homelab-k3s-1 topology.kubernetes.io/region=Region-1
node/homelab-k3s-1 labeled
➜ k label node/homelab-k3s-2 topology.kubernetes.io/region=Region-1
node/homelab-k3s-2 labeled
➜ k label node/homelab-k3s-1 topology.kubernetes.io/zone=ashe
node/homelab-k3s-1 labeled
➜ k label node/homelab-k3s-2 topology.kubernetes.io/zone=ashe
node/homelab-k3s-2 labeled

I also noticed that kubernetes.io/hostname=homelab-k3s-1 should match VM name at Proxmox, despite setting the .spec.ProviderID

Install using FluxCD

I will install proxmox-csi-driver using Helm Chart by FluxCD HelmRelease. We will also create a separate namespace for the driver, so it could run as a privileged user.

The proxmox-csi-driver README also explains deploying the driver using plain Kubernetes manifest, Helm and Talos if that’s more your thing

Note: this is an example of HelmRelease and depends on your repository layout you probably should put that HR in seperate Kustomization

apiVersion: source.toolkit.fluxcd.io/v1beta2
kind: HelmRepository
metadata:
 name: sergelogvinov
 namespace: flux-system
spec:
 interval: 10m
 type: oci
 url: oci://ghcr.io/sergelogvinov/charts
---
apiVersion: v1
kind: Namespace
metadata:
 name: proxmox-csi
 labels:
 kustomize.toolkit.fluxcd.io/prune: disabled
 pod-security.kubernetes.io/enforce: privileged
---
apiVersion: helm.toolkit.fluxcd.io/v2beta2
kind: HelmRelease
metadata:
 name: proxmox-csi
 namespace: proxmox-csi
spec:
 interval: 30m
 chart:
 spec:
 chart: proxmox-csi-plugin
 sourceRef:
 kind: HelmRepository
 name: sergelogvinov
 namespace: flux-system
 maxHistory: 2
 install:
 createNamespace: true
 remediation:
 retries: 3
 upgrade:
 cleanupOnFail: true
 remediation:
 retries: 3
 uninstall:
 keepHistory: false
 values:
 config:
 clusters:
 - url: https://ashe.issei.space:8006/api2/json
 insecure: false # if you have self-signed SSL certificate, change it to true
 token_id: "kubernetes-csi@pve!csi"
 token_secret: "${PROXMOX_KUBERNETES_CSI_SECRET:=notset}"
 region: Region-1
 storageClass:
 - name: proxmox-data-xfs
 storage: nvme # Storage name at proxmox
 reclaimPolicy: Delete
 fstype: xfs

I also did use Flux substitute (PROXMOX_KUBERNETES_CSI_SECRET), so before pushing the changes to repo I made sure that secret we generated before was deployed in Flux cluster secrets

After pushing the changes to git, we can check if the Helm was deployed successfully

➜ ~ flux get ks -A
NAMESPACE NAME REVISION SUSPENDED READY MESSAGE
[...]
flux-system cluster-apps-proxmox-csi main@sha1:3f0676cf False True Applied revision: main@sha1:3f0676cf
[...]
➜ ~ flux get hr -n proxmox-csi
NAME REVISION SUSPENDED READY MESSAGE
proxmox-csi 0.1.15 False True Helm upgrade succeeded for release proxmox-csi/proxmox-csi.v8 with chart proxmox-csi-plugin@0.1.15
➜ ~ kubectl get pods -n proxmox-csi
NAME READY STATUS RESTARTS AGE
proxmox-csi-proxmox-csi-plugin-controller-bd748957b-g2nxc 5/5 Running 5 (17m ago) 19m
proxmox-csi-proxmox-csi-plugin-node-9v4x8 3/3 Running 3 (17m ago) 60m
proxmox-csi-proxmox-csi-plugin-node-gnn24 3/3 Running 3 (18m ago) 60m
➜ ~ k get storageclass
NAME PROVISIONER RECLAIMPOLICY VOLUMEBINDINGMODE ALLOWVOLUMEEXPANSION AGE
local-path cluster.local/local-path-provisioner Delete WaitForFirstConsumer true 19d
proxmox-data-xfs csi.proxmox.sinextra.dev Delete WaitForFirstConsumer true 34m

Test

For testing, I will deploy StatefulSet

apiVersion: apps/v1
kind: StatefulSet
metadata:
 name: test
 namespace: default
 labels:
 app: alpine
spec:
 podManagementPolicy: Parallel  # default is OrderedReady
 serviceName: test
 replicas: 1
 template:
 metadata:
 labels:
 app: alpine
 spec:
 terminationGracePeriodSeconds: 3
 containers:
 - name: alpine
 image: alpine
 command: ["sleep","1d"]
 securityContext:
 seccompProfile:
 type: RuntimeDefault
 capabilities:
 drop: ["ALL"]
 volumeMounts:
 - name: storage
 mountPath: /mnt
 updateStrategy:
 type: RollingUpdate
 selector:
 matchLabels:
 app: alpine
 volumeClaimTemplates:
 - metadata:
 name: storage
 spec:
 accessModes: ["ReadWriteOnce"]
 resources:
 requests:
 storage: 2Gi
 storageClassName: proxmox-data-xfs

Make sure that storageClassName matches the one we set earlier.

➜ ~ k get pods
NAME READY STATUS RESTARTS AGE
test-0 1/1 Running 0 3m24s

Let’s start a shell in our new pod

➜ ~ k exec -it pod/test-0 ash
kubectl exec [POD] [COMMAND] is DEPRECATED and will be removed in a future version. Use kubectl exec [POD] -- [COMMAND] instead.
/ # df -h
Filesystem Size Used Available Use% Mounted on
overlay 14.6G 4.1G 9.8G 30% /
tmpfs 64.0M 0 64.0M 0% /dev
/dev/sdb 1.9G 46.1M 1.9G 2% /mnt
/dev/vda1 14.6G 4.1G 9.8G 30% /etc/hosts
/dev/vda1 14.6G 4.1G 9.8G 30% /dev/termination-log
/dev/vda1 14.6G 4.1G 9.8G 30% /etc/hostname
/dev/vda1 14.6G 4.1G 9.8G 30% /etc/resolv.conf
shm 64.0M 0 64.0M 0% /dev/shm
tmpfs 1.9G 12.0K 1.9G 0% /run/secrets/kubernetes.io/serviceaccount
tmpfs 985.5M 0 985.5M 0% /proc/acpi
tmpfs 64.0M 0 64.0M 0% /proc/kcore
tmpfs 64.0M 0 64.0M 0% /proc/keys
tmpfs 64.0M 0 64.0M 0% /proc/timer_list
tmpfs 64.0M 0 64.0M 0% /proc/sched_debug
tmpfs 985.5M 0 985.5M 0% /sys/firmware

As we can see, we have /mnt mounted, let’s now create a file

/ # cd /mnt
/mnt # ls
/mnt # echo $(date) > test-file
/mnt # cat test-file 
Tue Jan 16 20:12:16 UTC 2024
/mnt # exit

Now let’s exit the pod, delete it, wait for recreate, and check if the file is still there

➜ ~ k delete pod/test-0
pod "test-0" deleted
➜ ~ k get pods
NAME READY STATUS RESTARTS AGE
test-0 0/1 ContainerCreating 0 5s
➜ ~ k get pods
NAME READY STATUS RESTARTS AGE
test-0 1/1 Running 0 13s
➜ ~ k exec -it pod/test-0 ash
kubectl exec [POD] [COMMAND] is DEPRECATED and will be removed in a future version. Use kubectl exec [POD] -- [COMMAND] instead.
/ # cd /mnt
/mnt # ls -la
total 8
drwxr-xr-x 2 root root 23 Jan 16 20:12 .
drwxr-xr-x 1 root root 4096 Jan 16 20:12 ..
-rw-r--r-- 1 root root 29 Jan 16 20:12 test-file
/mnt # cat test-file 
Tue Jan 16 20:12:16 UTC 2024

Bingo! The file is still there. We can also check storage class of our Persistent Volume Claim (PVC) to be sure

➜ ~ k get pvc
NAME STATUS VOLUME CAPACITY ACCESS MODES STORAGECLASS AGE
storage-test-0 Bound pvc-08fa4889-3749-40a3-85cb-ddf273d9ac21 2Gi RWO proxmox-data-xfs 7m11s

In Proxmox WebUI we can also see that additional virtual disk was also attached

Note: Make sure that after adding new PVC the VM have corrent boot order. In my case it did change, and after a node reboot the VM did not boot from OS disk

Troubleshooting

If you get an error like

Warning FailedScheduling 38s default-scheduler 0/2 nodes are available: 2 node(s) did not have enough free storage. preemption: 0/2 nodes are available: 2 Preemption is not helpful for scheduling.

Make sure that cluster nodes can reach Proxmox WebUI. In my case, the issue was caused by proxmox datacenter-level firewall on a host where I forgot to add a rule which allows access to webui (tcp 8006) from a second internal network.

Cover photo by Maria Teneva on Unsplash

Noob is trying to build Android kernel 4.14.x

Sun, 16 Jul 2023 14:37:07 +0200

At the beginning of this article, i would like to mention that i’m a noob when it comes to android custom kernel or ROM development, so some of these information may be obvious to some of you, but it was relatively hard to find one place with up-to-date information on this topic.

Backstory - why i want to compile the kernel for my phone?

My current phone is the Xiaomi Mi 9 - i’m very happy with this phone, it is more than fast enough for my everyday needs, and the photo quality (especially on gcam) is also pretty good. My main issue with this phone was under MIUI 12 - it had a couple of annoying bugs that will probably never get fixed:

Sometimes, despite being muted, when taking a screenshot - the stock android sound and popup will appear.
The screenshots are a bit darker than on screen (as the screenshot is captured at the first frame of the animation…)
Sometimes the MIUI Gallery app is trying to index photos, and it might come across a corrupted image - in that case, it would just drain your battery and peg CPU retrying - solution: factory reset the phone or disallow access to storage/uninstall the app

I decided that life is too short to bother with buggy software that i don’t have a control on, and i didn’t want to change phone (..aand probably i just like to mess with stuff), because aside from this, it was working great! I unlocked the bootloader, and install PixelOS 13 - since then - the phone is running better than on stock MIUI (feels quicker + battery last longer). Huge thanks to the mainteiner of PixelOS for cepheus - balgxmr.

So - why i want to build the kernel from scratch? Because after the last OTA update, there was no KernelSU-compatible kernel on telegram channel. Yes - i could just ask if he could release flashable zip with KSU, but why not try to build it myself?

KernelSU is a root solution that works in kernel mode and grant root permission to userspace application directly in kernel space. Compared to Magisk, i didn’t had any issues with using mobile banking apps, Google Pay or McDonald’s app (which was always the hardest to trick that my device was not rooted…)

What do i need to build a kernel?

Preferably Linux-based OS (but can also be done on Windows or Mac!)
Kernel source
anykernel3 (optional - to create a flashable zip)
aarch64 toolchain
arm32 toolchain
patience

As a example for this write up i will be using kernel_xiaomi_cepheus

File structure

using --depth 1 to only download the latest changes, as I only want to compile the kernel without any modifications (as the kernel from balgxmr already has a branch with KernelSU patch).

mkdir -p workdir && cd workdir
git clone https://github.com/balgxmr/kernel_xiaomi_cepheus --depth 1
git clone https://github.com/balgxmr/anykernel3 anykernel
git clone https://github.com/radcolor/aarch64-linux-gnu --depth 1
git clone https://github.com/radcolor/arm-linux-gnueabi --depth 1
chmod +x -R kernel_xiaomi_cepheus/build.sh kernel_xiaomi_cepheus/scripts/

Before continuing i noticed that the kernel has dos character newline encoding, so to get it working under unix, i needed to use the tool dos2unix

find . -type f -print0 | xargs -0 dos2unix

source

At first i had no idea where to get toolchain, as https://gitlab.com/PixelOS-Devices/playgroundtc was missing some gcc binaries - got the idea from issue #2 in repo.

That’s why i decided to use another prebuild binaries

Installing dependencies on Arch-based OS

Some packages are named differently in arch repository than in debian/ubuntu, here is a list of what you need to install:

sudo pacman -S clang gcc bc llvm make ncurses bison flex openssl libelf lld zip

Alternative way: Using Docker

If you are facing any issues with installing the dependencies, or you are on another OS and want to quickly setup a build environment, you could use Docker for that.

My Dockerfile

# workdir/Dockerfile
FROM ubuntu:22.04
ENV DEBIAN_FRONTEND=noninteractive
# Installing necessary packages
RUN apt update && apt upgrade -y && \
apt install git clang g++-11 bc llvm make \
build-essential libncurses-dev bison flex \
libssl-dev libelf-dev zip lld -y \
&& rm -rf /var/lib/apt/lists/* \
&& mkdir /work
WORKDIR /work
CMD tail -f /dev/null

It is using a Ubuntu 22.04 as a base image, and it just install the necessary build dependencies. Also as a small hack - to keep it from shutting down, it will tail /dev/null.

My docker-compose.yaml
we can also just use docker run, as there would be only one container, but to keep it simple with volume mounts and building i will use docker-compose

# workdir/docker-compose.yaml
version: '3.7'
services:
builder:
container_name: builder
build:
context: .
volumes:
- ./:/work/

This docker-compose will build Dockerfile from current directory, and mount files we have in our workdir to /work inside our Docker container.

Build and enter the container

docker-compose up -d
docker exec -it builder bash

Trying to build the kernel

Thankfully, the kernel source did contain build.sh that helped me to figure out what i need to actually compile the kernel. This script probably can be used also for other kernels (just remember to change DEFCONFIG) In build.sh i needed to change a couple of variables

export CLANG_PATH=/work/aarch64-linux-gnu/bin
export CLANG32_PATH=/work/arm-linux-gnueabi/bin
export PATH=${CLANG_PATH}:${CLANG32_PATH}:${PATH}
export CROSS_COMPILE=${CLANG_PATH}/aarch64-linux-gnu-
export CROSS_COMPILE_ARM32=${CLANG32_PATH}/arm-linux-gnueabi-
# Paths
KERNEL_DIR=`pwd`
REPACK_DIR=/work/anykernel
ZIP_MOVE=/work/out

Now in kernel_xiaomi_cepheus directory, we can try to execute bash build.sh and see results. Depends on your hardware, it could take some time - on my AMD Ryzen 5 5600G system it took around 6 minutes.

If everything went well, you should have a flashable zip in workdir/out on your host.

Installing Linux on Chromebook (and other Apollo Lake devices)

Tue, 23 May 2023 00:24:56 +0200

In this post i will focus on replacing the ChromeOS with Linux. Before i was running Eupnea on my chromebook, it was working alright, but the boot splashscreen was quite annoying (and recently i encourage a ‘softbrick’ after kernel update).

If you want to dualboot linux+chromeos i would sugest to stick with Eupnea on external storage, like fast SD card or USB stick.

What do i need?

Some patience
Two USB drives - one with UEFI compatible linux of your choice - I will install EndeavourOS via Ventoy because i’m too lazy to configure a decent looking arch desktop on my own, and a second one to backup stock firmware. Technically you can do that on the same drive, but just to be safe, I recommend two separate ones.
Enabled Developer mode, and disabled WP

Step zero - validate coreboot support for your device

Visit https://mrchromebox.tech/#devices website and check if your device have support for ‘UEFI Firmware’. You probably can also do the same thing using WP_LEGACY, but i decided to just replace firmware in my chromebook.

First step - installing coreboot

To install coreboot you have to disable WP (write protection), on chromebooks with CR50 chip you need to use SuzyQ cable or disconnect the batery and power up the laptop. You also need to have enabled developer mode in ChromeOS.

Open terminal (CTRL+ALT+T) in ChromeOS
Enter shell
Execute this command

cd; curl -LO mrchromebox.tech/firmware-util.sh && sudo bash firmware-util.sh

It will download and execute the firmware utility script.

Select second option Install/Update UEFI (Full ROM) Firmware
Utility will inform you about the possible consequences. Read it carefully.
The utility will also backup your existing firmware if you decided to go back to stock firmware. You need to connect a USB stick as a storage device for backup.
Proceed with the process.

You can find more information on mrchromebox website

After a successful flash, you can reboot your machine - you should see coreboot logo. Connect pendrive with OS and press ESC on boot screen. Enter Boot Manager Menu and select your device. Install your Linux distro as normal.

Dummy output? Where is audio?

This is not a case for all chromebooks, but at least with my apollo lake based chromebook (HP Chromebook 13 G6 with Intel Celeron N3040) some audio things are missing from kernel. Not a expert on audio subsystem, but that is very annoying.

To have working audio on our linuxed chromebook we will use audio-script from Eupnea Linux Project.

You need to have git and Python <3.10 installed.

git clone https://github.com/eupnea-linux-backup/audio-scripts
cd audio-scripts
./setup-audio --force-avs-install

UPDATE 2023-08-07: Due to Eupnea Project drama + project abondance you might want to use WierdTreeThing audio-scripts fork. I did not tried it yet, but it should work the same way.

The --force-avs-install is needed because AVS driver might be unstable and might damage speakers if you set the volume too high.

Just follow the prompts and install AVS driver. I also recommend installing headphone autoswitch.

Troubleshooting not working speaker/headphones autoswitch

Check if avs-auto-switcher service is running

➜ ~ systemctl --machine=$(whoami)@.host --user status avs-auto-switcher
○ avs-auto-switcher.service - Automatically switch between avs headphones and speakers
Loaded: loaded (/usr/lib/systemd/user/avs-auto-switcher.service; enabled; preset: enabled)
Active: inactive (dead)

if it is inactive, try enabling it using command

systemctl --machine=$(whoami)@.host --user enable --now avs-auto-switcher

and check status once again

➜ ~ systemctl --machine=$(whoami)@.host --user status avs-auto-switcher
● avs-auto-switcher.service - Automatically switch between avs headphones and speakers
Loaded: loaded (/usr/lib/systemd/user/avs-auto-switcher.service; enabled; preset: enabled)
Active: active (running) since Fri 2023-05-26 16:02:22 CEST; 27s ago
Main PID: 16402
Tasks: 2 (limit: 4522)
Memory: 772.0K
CPU: 1.092s
CGroup: /user.slice/user-1000.slice/user@1000.service/app.slice/avs-auto-switcher.service
├─16402 /bin/bash /usr/local/bin/avs-auto-switcher
└─16403 acpi_listen

Keyboard layout

EndeavourOS and a couple of other distros have builin layout for chromebook media keys, but if your distro is missing that layout, you can use script from fascinatingcaptain

git clone https://github.com/fascinatingcaptain/CBFixesAndTweaks
cd CBFixesAndTweaks
# make backup of original pc config file
sudo cp -n /usr/share/X11/xkb/symbols/pc /usr/share/X11/xkb/symbols/pc.bck

# copy new pc config file
sudo cp pc /usr/share/X11/xkb/symbols/

# update config
sudo rm -rf /var/lib/xkb/*

On my EndeavourOS (xfce4) install out-of-the-box keyboard brightness control was not working despite enabling that option in power management (and working in the battery settings), so i installed light (using AUR) and just bind these buttons to commands.

To use light as a regular user (without sudo), you need to be in video user group (sudo usermod -aG video $(whoami)).

Update: light is now orphaned.

Enjoy?

On my Chromebook everything else was working fine OOTB.

Sleep (after turning on lid close action in settings)
HDMI output over USB-C
SD Card reader
Wi-Fi, Bluetooth
Battery life looks on par with ChromeOS one

Project Eupnea - native linux for chromebooks

Mon, 15 May 2023 10:40:56 +0200

UPDATE 2023-08-07: Eupnea Project has been discontinued, new install of Depthboot are not recommended, if you can, just use UEFI + audio fixes. Also their Discord and Github was compromised. If you are currenty using Depthboot it is recommended to remove their repository from package manager list.

Let me start with that - second-hand chromebooks are awesome value for cheap, long-lasting battery, portable Netflix and SSH machine.

I’ve got my Chromebook about a year ago for 55 USD, it is a HP Chromebook 11a G6. I love how lightweight it is and that i can charge it from literally everything using USB-C ports (for real - it can even take charge from normal 5V USB charger). And the battery is awesome, it lasts a whole working day of moderate use. I bought a chromebook mostly as an experiment, on how the ChromeOS works for “poweruser” - and to be honest, it isn’t that bad, mostly because of the Linux Debian container, but it is still very limiting.

So i went on the search of solutions of installing another OS on it - as i knew that pretty much any x86 chromebook can be flashed with coreboot from mrchromebook.tech

The issue are drivers for hardware. I really wanted to use some Linux distro, as i think it would work the best on hardware with that spec tier. But unfortunately, not all i2c hardware have great support, mostly audio, keyboard and touchpad. Actually on the Windows side things seems to be working a bit better, but i doubt Windows 10 on 16GB emmc would be a pleasant experience.

Breath

Later i discover Breath - it is a way to natively boot Linux without replacing chromebook firmware. All you need to do, is enable Developer Mode, create bootable USB and you can install it. Additionally, it is using Google ChromeOS kernel, so everything should be supported out-of-the-box. It does support creating bootable USB with

Debian
Ubuntu
Arch
Fedora

Unfortunately, the project was archived due to lack of active maintenance.

Project Eupnea

Eupnea is a fork of Breath, featuring all the features from Breath.

I decided to give it a try, first try was with EupneaOS - their own distro with a goal of mimicking ChromeOS look, and even Android emulator (via Waydroid). The distro is using KDE Plasma as a Desktop Environment. I was pretty amazed on how booting process was painless - all it took was to enable developer mode in chromeOS and enable debugging options (that allow access to ChromeOS root shell), executing command that allow booting from USB unsigned OS, quick reboot, pressing CTRL+U, and in a couple of minutes i was on Linux KDE desktop running live from USB on my chromebook!

Later i decided to create my own image, based on Arch Linux and KDE Plasma (yeah, kde might not be the best choice for that class of hardware) - the process was pretty easy even on WSL2 environment. It generated a .img file that i could just dd onto flash drive.

Next couple of minutes, and i was on desktop of my image, next i decided to execute install-to-internal command, which, as you might guess, installs the OS to internal storage.

The best part of it - because you don’t need to replace the firmware - you can just go back to ChromeOS with recovery media.

After a reboot, i was on desktop of my arch install, running on chromebook - actually i wasn’t running that bad, considering that my chromebook have only a 6W TDP Celeron N3350. But one thing was missing - the audio.

Audio setup

As my chromebook is running ‘apollo lake’ line of cpu i needed to use AVS drivers. The setup-audio script claim they are flaky and can burn out speakers, but personally I haven’t had any issues yet. Both the headphone jack and built-in speakers works.

General usability

The first thing i wanted to do on my Linuxed chromebook was installation Steam. It can be done in Crostini, but on my 16GB EMMC, i was missing space and there aren’t any good ways of mounting external SD card in Crostini environment (there is a “Share for linux” option, but that limits transfer speeds to about 5MB/s…)

The game i wanted to try the most was Stardew Valley - and it works straight away! But, i had before played this game via Crostini, and it was also working fine under ChromeOS.


HP Chromebook 13 G6 running Steam and Stardew Valley on Arch Linux with Eupnea kernel + necessary fastfetch

Next thing was a internet browsing using Firefox, as day-to-day, it is my primary browser. It was also running pretty good, no stutters while playing youtube videos, Discord is also running “ok” - sometimes it takes a couple of seconds to switch serve. Netflix, after installing ‘netflix 1080p’ extension, also work great.

I’ve been running arch on my chromebook for about a month now, and i’m pretty happy with the result. It really brings up the usability of the laptop for me. The battery is also performing on par with the chromeos.

How to use Backblaze B2 as primary storage in Nextcloud

Mon, 23 Jan 2023 23:30:56 +0200

To setup B2 as primary storage in Nextcloud you of course need to install NC first. For that, I used setup-nextcloud.php script - it is a nice, quick way of deploying nextcloud on shared hosting. Normally i would recommend setting it up as a docker container, but that will also work for testing. While installing Nextcloud just pick default storage place for now.

Creating bucket in Backblaze

If you don’t already have Backblaze account, you can register here. Backblaze gives 10GB of free storage + 1GB traffic per day for every user.
Note: make sure you select correct region, as of right now, accounts can’t be moved between regions

Next, after logging in, click on Buckets → Create a Bucket

Enter unique bucket name, and set “Files in Bucket are” “Private”, as we don’t want to access our files publicly from URL.

Click on “Create a Bucket”

Creating application keys in Backblaze

Next, navigate to Account → App Keys

On Application Keys page, click on “Add a New Application Key”

In popup, enter name of key, allow access only to the bucket we created, and allow list all bucket names for S3 compatibility.

After clicking on Create New Key, you will see your new keyID and applicationKey. Note - it will be displayed only once.

Configuring Nextcloud

Go to config/config.phpfile on your Nextcloud server and to $CONFIG array add

'objectstore' => [
 'class' => '\\OC\\Files\\ObjectStore\\S3',
 'arguments' => [
 'bucket' => 'nextcloud-testing',
 'autocreate' => false,
 'key' => '004e8eebeeeef000000000f',
 'secret' => 'K00400000000000000000000/zU',
 'hostname' => 's3.us-west-004.backblazeb2.com',
 'port' => 443,
 'use_ssl' => true,
 'region' => 'auto',
 'use_path_style'=>true
 ],

Replace nextcloud-testing with the name of your bucket. Hostname should be the endpoint of bucket.

config.php should look something like that

<?php
$CONFIG = array (
 'instanceid' => '...',
 'passwordsalt' => '...',
 'secret' => '...',
 'trusted_domains' =>
 array (
 0 => 'nc.issei.space',
 ),
 'datadirectory' => '/home/issei/web/nc.issei.space/public_html/data',
 'dbtype' => 'mysql',
 'version' => '25.0.3.2',
 'overwrite.cli.url' => 'https://nc.issei.space',
 'dbname' => 'issei_ncs3',
 'dbhost' => 'localhost',
 'dbport' => '',
 'dbtableprefix' => 'oc_',
 'mysql.utf8mb4' => true,
 'dbuser' => 'issei_ncs3',
 'dbpassword' => '...',
 'installed' => true,
 'objectstore' => [
 'class' => '\\OC\\Files\\ObjectStore\\S3',
 'arguments' => [
 'bucket' => 'nextcloud-testing',
 'autocreate' => false,
 'key' => '004e8eebeeeef000000000f',
 'secret' => 'K00400000000000000000000/zU',
 'hostname' => 's3.us-west-004.backblazeb2.com',
 'port' => 443,
 'use_ssl' => true,
 'region' => 'auto',
 // required for some non Amazon S3 implementations
 'use_path_style'=>true
 ],
],
);

Save the file and visit Nextcloud.

Note: if you uploaded files prior to setting object store you will no longer see them (but they still exist on local filesystem).

Try to upload a file, if it succeeds, congratulation, your Nextcloud instance will now use B2 as primary storage!

Basic troubleshooting guide

Add to config array 'debug' => true, It will print any errors.
Try to access bucket with awscli or WinSCP on your local machine.

Password prompt while trying to use 'minikube tunnel' (docker@127.0.0.1's password:)

Thu, 03 Nov 2022 10:40:56 +0200

Issue

$ minikube tunnel
✅ Tunnel successfully started
📌 NOTE: Please do not close this terminal as this process must stay alive for the tunnel to be accessible ...
🏃 Starting tunnel for service balanced.
docker@127.0.0.1's password:

Solution

You need to add minikube’s ssh key to your ssh agent

ssh-add C:\Users\user\.minikube\machines\minikube\id_rsa

Issues with ssh-add

Cannot use ssh-add, agent not running

Make sure ssh-agent is running

Get-Service ssh-agent | Set-Service -StartupType Automatic
Start-Service ssh-agent

Permissions for ‘C:\Users\user.minikube\machines\minikube\id_rsa’ are too open.

In case you get “Permissions for ‘C:\Users\user\.minikube\machines\minikube\id_rsa’ are too open.” you might need to copy id_rsa to desktop and change permissions https://superuser.com/a/1296046

Archivit

Thu, 13 Oct 2022 00:24:56 +0200

What is Archivit?

Archivit is a application that can archive Reddit subreddits posts with comments. It is fully open-source and free to use, you can find it on my github - github.com/ihyoudou/archivit

Usecase

Although i did this project mostly because i wanted to try out Laravel Livewire I do see some usecases.

Archiving history, changes of subreddit
Using the post data, images from posts for machine learning
Gathering statistics

Ducopay

Sun, 14 Aug 2022 00:24:56 +0200

What it is?

Ducopay is a simple payment gateway for a internet currency called Duinocoin. It features “p2p” payment method. In the first version, the coins were send at first to our account, tax was subtracted, and the rest was send to seller, but later it was removed, and the payment goes directly to seller.

It features very simple API and working mechanism

You create new transaction (as a result you get a transaction ID)
Then shop redirect you to Ducopay website for payment
On Ducopay page after successful payment Duinocoin transaction ID is send to backend for verification
If Duinocoin transaction is valid, the Ducopay server sends a callback to shop
Shop mark order as ‘payment successful’

Integrations

I created some demo applications in PHP and Python (with Flask), plus Wordpress Woocommerce plugin.

Go to Ducopay Docs to learn more: https://docs.ducopay.com/example/
Link to Ducopay: https://ducopay.com

Ducopay was written using PHP framework Symfony

TrueTracker

Sun, 14 Aug 2022 00:24:56 +0200

What it is?

TrueTracker is my first PHP project created using Symfony framework. It is a simple RMA portal.

Repair shop register repair request (input serial numbers, customer details)
Repair shop give customer repair tracking code
Customer can check status of repair on portal
Repair shop can add notes, update repair status
System can send Email notifications about change in status.

Frontend is using Bootstrap 5 + jQuery

Features

Display repair status for customer
Generate QR Code for quick lookup
Ability to attach pictures and description to status
Search bar for shop - can filter by customer
Different permissions level (employee, admin)
Generate repair raport to PDF
Status messages can be customized
Send email notification about status change
Email notification HTML can be changed from admin page
Automatic updates

Screenshots

List of users

Example email notification

Example of exported status report

Search bar can search by serial number, customer email or phone number, repair order descriptions

List of repair orders

Predefined states

Adding new status to repair order. Status can be visible for customer or it can be set to interal (only employees can see them)

Repair order view for shop

Repair order view for customer

Bułkowzów

Sat, 13 Aug 2022 00:24:56 +0200

O projekcie

Aplikacja była moim projektem na zaliczenie praktyk zawodowych w technikum (2020) - miał być to sklep internetowy który umożliwia rezerwacje/zamówienie danego posiłku oraz stworzenie bułki z własnymi składnikami. Aplikacja została napisana w czystym PHP7, wykorzystuje bazę danych MySQL oraz bibliotekę CSS Bootstrap 4.

Funkcje aplikacji

Rejestracja oraz logowanie użytkowników
Weryfikowanie konta za pomocą wiadomości email
System uprawnień (użytkownik/administrator)
Możliwość wygenerowania kodu odbioru zamówień (oraz kodu QR)
Możliwość wygenerowania “tokenu offline” który umożliwia sprawdzenie ostatnich zamówień z danego konta
Możliwość ułożenia własnej bułki z predefiniowanych składników oraz obliczanie ceny
System ocen oraz komenatrzy pod każdym produktem
Możliwość zmiany podstawowych informacji z panelu administratora
Możliwość ustawienia konkretnych godzin w których można zarezerować produkt
Responsywny design

Mailevi

Sat, 13 Aug 2022 00:24:56 +0200

Założenia projektu

MailEvi to prosty system do ewidencji fizycznej korespondecji oraz przesyłek do danej instytucji. Aplikacja została napisana w czystym PHP7, wykorzystuje bazę danych MySQL oraz bibliotekę CSS Bootstrap 4.

Założenia projektu

Projekt powstał na zlecenie instytucji i miał być zastępstwem dla arkusza kalkulacyjnego.

Dodawanie poczty przychodzącej i wychodzącej, wraz z danymi nadawcy/odbiorcy, opcjonalnym zdjęciem oraz symbolem.
Możliwość dodawania, modyfikacji oraz usuwania symboli przez pracowników
Automatyczne uzupełnianie inicjałów w kreatorze symbolu
Lista poczty podzielona na pocztę przychodzącą i wychodzącą
Możliwość sortowania tabeli oraz wyszukiwanie.
Możliwość eksportu listy do pliku CSV
Podział na konta administratora oraz pracownika
Widok dla administratora kto dodał dany rekord, data ostatniego logowania oraz możliwość zmiany haseł użytkowników.

Eksport do pliku CSV

Dodatkowe informacje o korespondencji

'Hackowanie' ZOOMki - czyli co można zrobić z ramką na zdjęcia Zoom.me

Tue, 24 Nov 2020 00:24:56 +0200

Jakiś czas temu od mojego przyjaciela (dzięki Oskar!) dostałem ramkę zoom.me ponieważ nie miał do niej zasilacza, a po szybkim sprawdzeniu w internecie co to w ogóle jest, oboje się zainteresowaliśmy. Tak, jak widać po zdjęciu wyżej, można na niej uruchomić DOOMa ;)

Ale od początku - co to jest w ogóle ta ramka zoom.me?

Jak możemy przeczytać na stronie producenta:

ZOOM.ME to nowe podejście do komunikacji z bliskimi. Dzięki ZOOM.ME każdy może dzielić się z przyjaciółmi wspaniałymi chwilami uchwyconymi na zdjęciach.

Czyli w skrócie - jest to cyfrowa ramka na zdjęcia na którą można wysłać zdjęcia z dowolnego miejsca na świecie, korzystając z aplikacji lub wprost z maila. Została wydana w 2014 roku w współpracy z firmą Goclever i niestety nie okazała się takim sukcesem na jaki liczyli jego twórcy, po roku od wydania można było ją kupić za około 200zł. Tutaj pojawia się pierwszy problem, ponieważ jak można zobaczyć w Sklepie Play aplikacja ma aż 1.8 gwiazdki, do tego większość opinii wspomina o problemami z połączeniem do serwera

No dobra, ale może już to naprawili, przecież strona jeszcze działa… Niestety ale próba stworzenia konta przez aplikacje jest niemożliwa, ponieważ nieważne jakiego maila bym tam wpisał, on zawsze jest już zajęty. Z ciekawości spróbowałem wysłać zdjęcie mailem na adres który wyświetla się na ramce, niestety - dostaje wiadomość zwrotną, że mój email nie istnieje w systemie (?!)

Okej, skoro nie mogę w taki sposób skorzystać z ramki to pewnie jest inny sposób? Tak - można kopiować zdjęcia bezpośrednio przez złącze microUSB z komputera. Po podłączeniu do komputera można zauważyć dwa foldery - DCIM oraz Pictures. Aby zdjęcia były widoczne na ramce należy je skopiować do folderu DCIM/ZOOM.ME. I tutaj można zauważyć kolejną ciekawostkę - mimo przywrócenia ustawień fabrycznych w menu ramki zdjęcia się nie usuwają. No dobra, zdjęcia skopiowałem, wyświetlają się, fajnie, ale jednak to trochę mało.

Dostanie się do androida

Tak, ta ramka na zdjęcia działa pod kontrolą androida w wersji 4.2.2. W środku znajduje się procesor Allwinner A23 wraz z 512MB pamięci ram oraz 4GB pamięci flash. Samo to, że ramka działa na androidzie można samemu dosyć szybko zauważyć - ponieważ podczas wpisywania hasła do sieci WiFi wysuwa się typowa androidowa klawiatura. No to do dzieła - udało mi się w internecie znaleźć instrukcję do ramki, jak i poradnik od producenta w jaki sposób zaktualizować jej oprogramowanie oraz post na forum XDA z prośbą o pomoc w wgraniu gapps. Z instrukcji wynika, że domyślnie powinno być włączone debugowanie USB, więc dostanie się do systemu powinno być bardzo proste. Niestety, ale moja ramka posiadała troszkę nowszą wersje oprogramowania i trik z ośmiokrotnym kliknięciem na wersje oprogramowania aby dostać się do ustawień nie zadziałał a debugowanie USB też nie jest uruchomione.

W mojej ramce nie ma oryginalnej wersji oprogramowania - oryginalne oprogramowanie zostało wydane 07.10.2014, u mnie jest wersja z 17 grudnia 2014. W instrukcji aktualizacji dostępny jest rom z wersją 17.07.2015 - nie wiem czym się dokładniej różnią.
Na samym początku postanowiłem że skoro mam dostęp do instrukcji aktualizacji softu i pliku z systemem oraz jest to urządzenie z procesorem Allwinner to zmodyfikuję sobie rom i do build.prop dodam opcje aby debugowanie było włączone. Sama ta operacja się powiodła, ale przy głębszym spojrzeniu do instrukcji zauważyłem, że do aktualizacji softu potrzebne jest włączone debugowanie USB (?!). Teoretycznie rozwiązanie tego jest proste - wystarczy wyłączyć urządzenie, przytrzymać przycisk głośności i podłączyć kabel USB. Dlaczego teoretycznie? Ponieważ to jest ramka na zdjęcia która nie ma głośnika oraz przycisków głośności. Zastanawiałem się nad otworzeniem obudowy i poszukaniem na płycie głównej pinów odpowiedzialnych za UART lub/oraz głośności, ale dostałem oświecenia…

Hm, przecież to Allwinner

…ciekawe czy obsługuje USB OTG. Wziąłem przejściówkę USB OTG, podłączyłem klawiaturę, i.. Działa! No okej, teraz mogę sterować urządzeniem klawiaturą, ale co mi to daje? Ano właśnie dużo - mogę wykorzystać skrót klawiszowy WIN+spacja aby przejść do wbudowanej przeglądarki - tutaj zauważyłem drobny problem - przeglądarka ma problemy z witrynami korzystającymi z HTTPS, ale jestem już za blisko aby mnie to pokonało - wrzuciłem na prosty serwer www plik APK z Olauncherem i go pobrałem. Huh - sprawdź pasek powiadomień z postępem pobierania pliku - ale ja nie mam dostępu do paska powiadomień.

Z ciekawości wszedłem na stronę gdzie można wybrać plik do uploadu i pokazał mi się Open Manager - to było już spore ułatwienie ponieważ znałem ścieżkę do pliku. Próbowałem “wydostać się” do zwykłego trybu menadżera plików ale nie udało mi się. Przypomniałem sobie, że przecież znam teraz ścieżkę i w przeglądarce mogę wpisać lokalizacje tego pliku, więc wpisałem file://storage/emulated/0/Downloads/launcher.apk i moim oczom ukazało się okienko z pytaniem, czy na pewno chcę zainstalować tą aplikacje
Po zainstalowaniu launchera wystarczy kliknąć parę razy “ESC” aby przejść do wyboru programu startowego - ja wybrałem aby domyślnie startował launcher - jeżeli ktoś nadal by chciał korzystać z aplikacji zoom.me może ją po prostu uruchomić z listy.

Jestem w androidzie ale co dalej?

Android który jest w tym urządzeniu jest bez aplikacji google (google-apps gapps) przez co swoją drogą działa lepiej niż się spodziewałem. Nie będę tutaj instalował aplikacji google ponieważ miejsca już jest mało, szkoda dodatkowo zamulać urządzenia, a do tego będą tutaj zbędne. Postanowiłem po prostu skorzystać z stron typu apkmirror oraz ewentualnie instalować aplikacje ze sklepu na moim telefonie a następnie eksportowanie ich apk na to urządzenie.
Swoją drogą - nadal nie mamy przycisków nawigacyjnych - przydały by się aby nie trzeba było podłączać klawiatury. W tym celu potrzebujemy zmodyfikować plik build.prop, a żeby go zmodyfikować musimy mieć roota.
Na szczęście rootowanie androida do wersji 5 na takich prostych konstrukcjach jest banalne, ale nadal potrzebujemy debugowania USB. Teraz kiedy już mamy launcher możemy przejść do ustawień, zjechać w dół -> Opcje programistyczne i zaznaczyć debugowanie USB. Na komputerze powinnyśmy mieć zainstalowane sterowniki ADB - ja zawsze korzystam z tej paczki. Do rootowania wykorzystam skryptu pod nazwą “rootV2” która jest do pobrania tutaj - wystarczy wypakować pliki, przejść do folderu, uruchomić skrypt, poczekać chwilę i zaraz powinnyśmy mieć na naszej ramce roota oraz aplikacje SuperSU.
Teraz możemy wykorzystać adb aby zmodyfikować nasz build.prop. W tym celu przechodzimy do wiersza poleceń i wykonujemy komendę adb shell, a następnie
su echo "qemu.hw.mainkeys=0" >> /system/build.prop

Po tej operacji należy zrestartować ramkę i powinniśmy już widzieć pasek powiadomień oraz przyciski nawigacyjne

Zakończenie

Teraz kiedy już mamy dostęp do przeglądarki, menadżera plików, ADB, roota oraz normalnego launchera możemy robić wszystko co chcemy na tym urządzeniu.

'Odceglanie' NAS'a Buffalo LS210/LS220

Wed, 06 Nov 2019 00:24:56 +0200

Ten poradnik powinien działać dla Buffalo LS210/LS220 i rozwiązać problem z siedmiokrotnym miganiem czerwonej diody podczas rozruchu.

Na początku informuję że nie odpowiadam za ewentualne uszkodzenia oraz utratę danych! Przed rozpoczęciem, jeżeli nie mamy kopii zapasowej, należy taką utworzyć - więcej informacji jak odczytać dyski z NAS’a jest na dole

W przypadku w którym NAS nie jest w ogóle widoczny w sieci oraz w NAS Navigatorze należy wgrać podstawowy system od początku używając TFTP. Domyślnie NAS nada sobie adres IP 192.168.11.150/24. Adres serwera TFTP (swojego komputera) należy ustawić na 192.168.11.1/24 i upewnić się aby wyłączyć zaporę systemu a następnie podłączyć NAS bezpośrednio do komputera kablem sieciowym.

W oknie serwera TFTP powinien pojawić się komunikat listening On: 192.168.11.1:69

Jeżeli się nie wyświetla, lub wyświetla się inny adres IP należy sprawdzić konfigurację adresów IP (lub spróbować odłączyć i podłączyć przewód sieciowy, może też być konieczne aby przed zmianą IP być podłączonym do obecnej sieci jeżeli adres się nie zmienia na ten który ustawiliśmy)

Następnie należy przytrzymać czerwony przycisk “function” z tyłu NAS i podłączyć zasilanie. Należy trzymać przycisk function do czasu kiedy dioda z przodu NAS zacznie migać na biało, następnie puścić przycisk i nadusić go jeszcze raz. W konsoli powinny pokazywać się komunikaty

Client 192.168.11.150 ... Block Served
Client 192.168.11.150 ... Block Served

Teraz NAS powinien być w EM Mode (Emergency mode) i pokazywać się w NAS Navigatorze.

Następnie należy uruchomić program LSUpdater.exe, poczekać aż wyszuka naszego NAS’a i kliknąć przycisk Update.

źródło

Proces ten będzie trwał kilka minut, po pomyślnym ukończeniu należy podłączyć NAS do sieci aby dostał adres przez DHCP. Po chwili serwer powinien być widoczny w NAS Navigatorze z jego adresem IP.

Linki do pobrania wszystkich potrzebnych plików: Download | Mirror [mega.nz] | Mirror [GDrive]

Suma kontrolna: SHA1: BA3E87B4C61AAA85D8A58321E35D7B68BEBF97DE

Dodatkowe informacje:

Dane na dyskach są w formacie EXT4 oraz RAID jest tworzony przez MD, więc bez problemu można RAID lub pojedynczy dysk odczytać przez linuxa lub z zastosowaniem przykładowo Ext2Fsd pod Windowsem.

Issei.space

1Password Linux: fatal: cannot exec '/opt/1Password/op-ssh-sign': No such file or directory

High kworker CPU usage on idle linux system

Backblaze B2 Operator for Kubernetes

How to setup?

Creating keys

Setup operator using Helm

Setup operator in FluxCD repository

Creating an example bucket

Exposing service from Runpod.io (and others) to netbird network

Okay, so how to do it?

What’s going on here?

Setting it up

Final thoughts

ChatGPT on feature phone

Setting up the IDE

Now what?

Issue with networking

Building the application

Demo time!

FYI: My HTTP routes are not visible after migrating from regular docker to docker swarm!!

Podłączenie własnego routera Netia ETTH

Plesk default page instead of domain content after enabling Cloudflare proxy

How NOT to setup a RWX storage for Kubernetes cluster - SMB share on Mikrotik router

Setup Kubernetes cluster

Setup Samba share on Mikrotik

Setup SMB CSI on Kubernetes

Testing out our monstrosity

Random Read

Random Read/Write

Real-world application test?

End words

References

MicroSD Card not visible on boot in linux

The solution

Reference

Solving issue with K3s System Upgrade exec /bin/upgrade.sh: exec format error

My troubleshooting steps

Try to define image version with correct architecture

Restarting node

Prune images on node

Własny zdecentralizowany Reddit, czyli jak stworzyć własną instancje Lemmy używając Dockera

Czym jest Lemmy?

Czym jest ten fediverse?

Po co tworzyć własną instancje?

Co jest potrzebne do stworzenia własnej instancji?

Instalacja Lemmy

Setup proxmox-csi-driver in K3S Kubernetes Cluster using FluxCD

Create proxmox user for driver

Label kubernetes nodes

Install using FluxCD

Test

Troubleshooting

Noob is trying to build Android kernel 4.14.x

Backstory - why i want to compile the kernel for my phone?

What do i need to build a kernel?

File structure

Installing dependencies on Arch-based OS

Alternative way: Using Docker

Trying to build the kernel

Installing Linux on Chromebook (and other Apollo Lake devices)

What do i need?

Step zero - validate coreboot support for your device

First step - installing coreboot

Dummy output? Where is audio?

Troubleshooting not working speaker/headphones autoswitch

Keyboard layout

Enjoy?

Project Eupnea - native linux for chromebooks

Breath

Project Eupnea

Audio setup

General usability

How to use Backblaze B2 as primary storage in Nextcloud

Creating bucket in Backblaze

Creating application keys in Backblaze

Configuring Nextcloud

Basic troubleshooting guide

Password prompt while trying to use 'minikube tunnel' (docker@127.0.0.1's password:)

Issue