Using mtqq to create a notification network: mosquitto, mqttwarn, hare, and hared

Leave a Comment / MQTT, Open Source, Security / By /

As you read this post, keep in mind that my particular use case of notification on ssh login is not for everyone. It may not appeal to you. In fact, you might find this to be an absolutely ridiculous thing to do. I respect that. I suggest that somewhere within your network there is at least one type of error condition, one urgent situation, one thing that you would like pushed to your […]

Using mtqq to create a notification network: mosquitto, mqttwarn, hare, and hared Read More »

Book Review: Ed Mastery

Leave a Comment / FreeBSD, Open Source / By /

I don’t normally offer guest posts here, but on this rare occasion I couldn’t say no. Here’s a guest post from Michael W Lucas. What one of us finds delightful, another person might find loathsome. That’s human nature. I keep reminding myself of this every time people start babbling about the virtues of something I find completely idiotic. Keeping my mouth shut gets me out of many arguments before they start. People learn

Book Review: Ed Mastery Read More »

Creating read-only PostgreSQL database users for pg_dump and pg_dumpall

Leave a Comment / Backups, FreeBSD, Open Source, PostgreSQL / By /

See also mysqldump: Error: ‘Access denied; you need (at least one of) the PROCESS privilege(s) for this operation’ when trying to dump tablespaces. I’m linking this because I use both articles on a regular basis. Sometimes you want a user which can only dump the database, but nothing else. Fortunately, I searched, and found a solution. I’m writing it down so I only have to search this blog. I want the user rsyncer

Creating read-only PostgreSQL database users for pg_dump and pg_dumpall Read More »

Adding IPv6 to an existing server

Leave a Comment / IPv6 / By /

I am adding IPv6 addresses to each of my servers. This post assumes the server is up and running FreeBSD 11.1 and you already have an IPv6 address block. This does not cover the creation of an IPv6 tunnel, such as that provided by HE.net. This assumes native IPv6. In this post, I am using the IPv6 addresses from the IPv6 Address Prefix Reserved for Documentation (i.e. 2001:DB8::/32). You should use your own

Adding IPv6 to an existing server Read More »

Using nsupdate to change NS servers

3 Comments / DNS, named, nsupdate / By /

You have an old DNS server: tallboy.example.org You have a new DNS server: ns1.example.org You have a domain, example.com, for which you want to swap the old DNS server with the new DNS using nsupdate. NOTE: the domain is example.com The NS servers are in example.org (different domains). These are the commands you issue: update delete example.com. IN NS tallboy.example.org. update add example.com. 3600 IN NS ns1.example.org. send Of note, you mention the

Using nsupdate to change NS servers Read More »

No more certificate fingerprints – only sasl auth instead

Leave a Comment / Let's Encrypt, Postfix / By /

Today I gave up on my attempt to allow relay via SSL certificate fingerprints. Instead, I will use sasl auth. Yesterday I wrote about my SMTP deliver test which broke when an SSL certificate was updated. Later that day, I finished writing scripts which delivered that fingerprint file to all hosts which needed it. Today, I abandoned that approach in favor of sasl. From the time I decided to use sasl to my

No more certificate fingerprints – only sasl auth instead Read More »

Postfix suddenly starts rejecting email it had been accepting

Leave a Comment / Let's Encrypt, Mail, Postfix / By /

Let’s Encrypt is an easy way to get free SSL certificates in an automated manner. You may never have to manually do another cert renewal again. Last night, I received this email: From: Cron Daemon To: dan@langille.org Subject: Cron /usr/local/bin/cert-puller Date: Fri, 23 Feb 2018 23:57:00 +0000 (UTC) /etc/rc.conf: 3: not found /etc/rc.conf: yr: not found /etc/rc.conf: 3: not found /etc/rc.conf: yr: not found Little did I know when I tweeted about it,

Postfix suddenly starts rejecting email it had been accepting Read More »

Trying iocage to get an old version of FreeBSD

Leave a Comment / FreeBSD, iocage, Jails / By /

Sometimes you just need that old version. So I installed it. FreeBSD 9.3 Sorry, but this article is light. I stopped taking notes after a bit…. We created a VM via VMware, put FreeBSD 11.1 on it, over ZFS. Then install iocage. This is what it looked like: What did it just install? This: $ zfs list -r zroot/iocage NAME USED AVAIL REFER MOUNTPOINT zroot/iocage 825M 30.2G 25K /iocage zroot/iocage/download 180M 30.2G 23K

Trying iocage to get an old version of FreeBSD Read More »

Connecting to old devices via ssh

1 Comment / ssh / By /

I have several old devices. Upgrading them is either impossible, they are unsupported, or I can’t be bothered upgrading the. Access is only via a dedicated VLAN within my home network. When stuck, I posted to Twitter and that led me to OpenSSH Legacy Options. This page describes what to do when OpenSSH refuses to connect with an implementation that only supports legacy algorithms. Here’s what I just tried: $ ssh pdu1 Unable

Connecting to old devices via ssh Read More »

Assigning static IP addresses via dhcp

Leave a Comment / DHCP / By /

NOTE: if you’re using something other than OSX, say, FreeBSD, then a previous blog post might be the solution you are looking for. I suggest skipping to the final paragraph before you implement any of what is below. You fire up your laptop, connect via WIFI, you get an IP address. You plug in an ethernet cable, you get an IP address. This is how things should work. It’s expected. It’s automatic. Sometimes

Assigning static IP addresses via dhcp Read More »

Scroll to Top