💾 Archived View for missbanal.net › status-update-2023-03 captured on 2023-11-14 at 07:46:50. Gemini links have been rewritten to link to archived content

View Raw

More Information

⬅️ Previous capture (2023-11-04)

➡️ Next capture (2024-06-16)

-=-=-=-=-=-=-

Published the 2023-04-01 on Willow's site

Status update mar 2023

Hello you. Time to recap what happened to me this month.

This should be quick. I don't know if the clock change broke something, but this month passed fast!

Professional situation

In short: 20 days to freedom!

I'll have plenty of time to finalize Fossbill. This will be my very first focus because I want a reliable, and working project that I could be proud of. I really don't expect too much of it. If it becomes just a proof of my values, and a tool I can rely on, it would be enough to me.

Next I would like to help as I can hire.sr.ht. This is a work in progress SourceHut subspace to seek at hackers. I would prefer to not advertise myself on some rival headhunter platforms. I wish to work on FOSS projects as much as possible.

And depending on the situation, I also plan to study kernel driver development. I'll probably finally take time to dig into Helios. I expect the whole code base to be lighter than reading Linux code directly. Hoping the learning curves would be softer, as I will be more fluent with Hare than with Linux C specific ecosystem.

Sxmo released

Some days ago we took some time to release Sxmo, and all subprojects. It went as expected, and we didn't encounter much unplanned edge cases.

I just fixed and flagged some minor patches into a 1.14.1 sxmo-utils, to cover a really specific cases where sxmo wasn't checking wakelocks as expected, if an idle inhibiter programs was running. Example if mpv was playing something while the device went in screen-off with a user manual action.

Fun with NFS + FS-Cache + Cachefiles + OpenVPN

Before today, I used a simple Syncthing shared folder to sync my musics between all my devices. The problem is that this music folder now weight ~50 Go, which is a problem for my lightest devices (rockpro64, pinephones). From years and years, I looked at solutions or alternatives to avoid this problem. But today I think I found a way.

To quote kernel.org: FS-Cache is a module that provides a caching facility to a network filesystem such that the cache is transparent to the user.

The more obvious, and FS-Cache supported network filesystem is NFS. Mhh, I have to set up a bunch of things before I could listen to my musics again...

In my Alpine client machines, running the cachefilesd daemon is all I have to do for the FS-cache/Cachefiles part. I can optionally edit the config file /etc/cachefilesd.conf to change the fscache folder path, or the culling limits.

Next I have to prepare my server machine to offer the music folder as a NFS. Install nfs-utils, and edit /etc/exports so that the client machines can mount the music path. Then start the NFS daemon and it is done.

I initially used read only export rules, but now I have to find a better way. NFS doesn't offer authentication, nor encryption by itself. To have a secured and private NFS, I have to set up a VPN.

I avoided this as much as possible through years. But now, it is time. I am ready.

And in fact, setting up a self-hosted OpenVPN server isn't that bad. The most tricky part is to understand, prepare, and sign carefully the certificates. The basic idea is to give to OpenVPN the CA certificate, so that it can check that the client use signed ones, with the same CA.

On Alpine, we can install easy-rsa to help on this step. Then we rsync the folder /usr/share/easy-rsa/ to a specific folder, one for each client, and one for the CA. Ideally this should be done on all different systems, so that the private keys never leaks.

I'll not dig into too many details, here is a good step-by-step:

https://github.com/OpenVPN/easy-rsa/blob/v3.0.0-rc1/README.quickstart.md

With all signed client and CA certificates, I am pleased to discover that the rest of the OpenVPN config is very simple. Configuring clients is also very straightforward. Start every daemon, and check with `ip a` that it works.

Now that all of my machines talks to each other in a secured way, I can mount my NFS folder through this VPN. The FS-cache works as expected and the cache growths as my system read the files. If I never listen to a music, it never gets downloaded. If storage become rare, the less used cached files will be culled out of the local storage. It is perfect!

That's all for this month! Have a nice weekend! Thanks for reading me.

RSS feed

If this post inspired you, feels free to leave a comment !

The Cogitatis mailing list