Simpler postfix + dspam

I have read a shitload of overcomplicated setups to bring up a postfix / dspam SMTP + antispam server, and finally came to a much lighter and simpler configuration by basically reading documentation and real-life examples. Note that this is suitable for a personal and basic environment: no database, no virtual setup. Basic stuff.

The target system is NetBSD but this short doc should apply to pretty much any UNIX / Linux.

Start pkgsrc's nginx with systemd

Not so long ago, I wrote about using pkgsrc on Debian GNU/Linux, and assumed you’d start an installed service using rc.d. When I set up the new iMil.net server, I decided to give kvm a try as it is easier to maintain, has good performance (sometimes better than Xen) and nice administration tools; plus, NetBSD now has a good VirtIO driver but no PVHVM support yet.

The first thing I do when setting up a Debian Jessie server is getting rid of systemd, whose philosophy and quality don’t match my personal taste; but in that case, I wanted to use libvirtd so I could manage my virtual machines with virt-manager, and as a matter of fact, libvirtd has a hard dependency on systemd. There was no escape this time, I had to learn and use it.

(not-so) new website!

If you’re used to this website you might have noticed the layout has somewhat changed. Actually the engine itself has changed: iMil.net is no longer powered by WordPress; instead I switched to a static website generator called hexo. While it can be tricky sometimes, the tool is nicely organized and easy to handle.

On the service side, this website defaults to HTTPS and is natively IPv6 ready. It is served by an nginx server contained in a sailor ship. Of course, the virtual machine runs NetBSD, on a kvm hypervisor, hosted on Debian GNU/Linux.

GRE tunnel PREROUTING

Here’s a simple solution to forward GRE tunnels to a server (here, a virtual machine) located behind a GNU/Linux gateway:

# iptables -t nat -A PREROUTING -i eth0 -p gre -j DNAT --to-destination 192.168.0.1
# modprobe nf_conntrack_proto_gre

No need for complex PREROUTING / POSTROUTING / FORWARD combinations as I have read here and there.

In my case, the virtual machine is a NetBSD domU where I created the following gre(4) interface:

NetBSD/amd64 7.0 on kvm

If you recently tried to install NetBSD 7.0 using Linux KVM, you might have encountered the following failure:

This bug has recently been fixed on the 7-branch but the official ISO images are not yet updated, so you’ll have to use the NetBSD daily builds mini-ISO, which includes Christos’ fix to bus_dma.c.

For the record, here’s the virt-install command I use:

sudo virt-install \
    --virt-type kvm \
    --name korriban \
    --ram 4096 --disk path=/dev/vms/korriban,bus=virtio \
    --vcpus 2 \
    --network bridge:br0,model=virtio \
    --graphics vnc \
    --accelerate \
    --noautoconsole \
    --cdrom /home/imil/iso/boot.iso \
    --cpu host

Performance is really good; the host is a Debian GNU/Linux 8.0 amd64 running on Online’s Dedibox Classic 2015.

YAML and markdown based website rendering with AngularJS

A couple of weeks ago, Clark / @jeaneymerit told me he was digging into AngularJS, and as I’m working on a private project where a static website is involved, I thought this framework could help me make that website lightweight in terms of external dependencies.

The site I’m working on contains exclusively static content, and most of it is text. I wanted a simple and elegant method to manipulate that content easily, so I wrote a basic website generator in Python based on jinja2; for the record, it’s available here.

Annoying WiFi captive portal

The hotel I stay at in Ibiza is awesome: it’s in front of the sea, the staff is nice and welcoming, there’s this amazing pool, AND… they have pretty good WiFi by the island’s standards.

But this year, they’ve put those D-Link DWC-1000 repeaters all around the hotel, which disconnect you every now and then, and you have to re-register via a web page every time, which is quite annoying. So I came up with this very simple Python script that checks if we can reach the outside world and, if not, uses Python mechanize to register automatically to the captive portal. Not the greatest script I’ve released, but hey, first beaches, parties and beers, then only comes IT :)

Using pkgsrc on Debian GNU/Linux

While I tend to appreciate Debian GNU/Linux, its tendency to be quite late on software versioning is sometimes annoying. Also, as a pkgsrc developer, I am used to having greater control over the packages I install, for example regarding the options I’d like to include.

For these reasons and a couple more, I sometimes choose to use pkgsrc along with apt to deal with particular packages. In this article, I’ll show how to achieve that task.

EC2 VPN connection information (updated)

For a mysterious reason, EC2 VPN connection information is stored as XML within the JSON data retrieved by either boto or the awscli command line tool.

Here’s a quick Python snippet to convert that data into a convenient, easily parsable dict:

Combining this piece of code with jinja2 could help you generate racoon (or whatever IPsec software you use) configuration on the fly.

Update

Here’s a complete example of automatic generation of racoon / IPsec configuration files using the previous snippet, along with jinja2.