
Linux Containers Success!

July 14, 2025 — t̷h̷e̷8̷w̷o̷o̷d̷c̷u̷t̷t̷e̷r̷

Greetings people of spaaace! There's a moth flying around space here too right now. I am glad to announce a first-time major success with LXC containers! I finally had the patience to get down to dealing with the amount of debugging required at the beginning, and to pull through. Thing is? I didn't watch a single video, I didn't do a single course online, I didn't even get any first-hand advice or help! I simply forged my way through it. So I thought I would document here some of the key things I discovered LXC needs on Debian 12.

Also, it's worth mentioning that this summer has been going really well for advanced Linux system administration, for me. Previously, suppose it was last week, I had gotten a SELinux Debian 12 VM configured well enough to launch to a new cloud platform. I struggled with a new one, it was Kamatera.com, and they honestly were not great. Their image init system rekt the SELinux user contexts I had set up for UID 1000, first unprivileged user, otherwise the sysadmin_r. I ended up paying off my balance with Digital Ocean. Yea, these guys effortlessly, programmatically, without intervention took my Debian 12 SELinux VM and made it a server. However I ultimately didn't go with it, because it still required a LOT of work and when you upload your own image you don't automatically get IPv6. It was going to be far too much work to do.

So anyways, about LXC: I discovered a number of new concepts, or concepts in more depth, such as Control Groups, as part of the Linux kernel. With this came the need to understand SUBUID/SUBGID (man 5 subuid). With this concept also come namespaces (man 7 namespaces). Along with these things I've learned a bunch of new Linux concepts and commands, which to me was very cool and a bit exciting as it's been quite a long time since I've bothered my OS in such depth 😁

One drawback about LXC is that often if you change something serious enough you might have to reboot your host. This is aggravating to do on this public web-facing server, when there's folks chatting on xmpp://wwan@muc.xmpp.packets.cc, but I got it done. I found that AppArmor, which is Debian's default (and crap imo) LSM (Linux Security Module), tended to cause problems, so I recommend you get AppArmor configured totally, even before you work with LXC. One of the biggest gains with my efforts was configuring unprivileged containers, meaning, having my own $USER be able to use and work all the lxc-* commands, and also stash the rootfs for each container in ~/.local/share/lxc/{name}/{config,rootfs}. I sought after this because on this invaluably resourceful page it says that LXC containers get basically no security benefits from being started under root user. I took this very seriously.

I'll let you know of a very hard to find bit of information, and I'll be happy to put it here for my own future reference, but something confuses the Debian kernel or somesuch where cgroup version 1 is what it prefers, otherwise it COMPLETELY ruins LXC, and I wasn't really able to find anything that stood out, and came across a forum page where somebody asked for help, and the one line of that whole page that matters incredibly is to put systemd.unified_cgroup_hierarchy=0 in GRUB_CMDLINE_LINUX_DEFAULT="", then ofc run update-grub and reboot. What this does is disable cgroups v2, where the hierarchy for all the groups is unified, and apparently this is better, but disabling that made my stuff sing, and I was ever stoked. Perhaps there's some way to improve my setup and use v2 cgroups 🤔
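A way to confirm that the kernel parameter described above is actually in effect, as an added example (not the author's code): it compares the GRUB default, the booted command line and the mounted cgroup hierarchy. The function names are hypothetical and the sample inputs are constructed.

```python
import shlex

FLAG = "systemd.unified_cgroup_hierarchy"

def flag_value(cmdline):
    """Value of the systemd flag on a kernel command line, or None if absent."""
    for token in cmdline.split():
        name, _, value = token.partition("=")
        if name == FLAG:
            return value
    return None

def grub_default_cmdline(grub_text):
    """GRUB_CMDLINE_LINUX_DEFAULT from /etc/default/grub text (last assignment wins)."""
    found = ""
    for line in grub_text.splitlines():
        if line.strip().startswith("GRUB_CMDLINE_LINUX_DEFAULT="):
            found = " ".join(shlex.split(line.split("=", 1)[1], comments=True))
    return found

def cgroup_mode(mounts_text):
    """Classify /proc/mounts text: unified (v2 only), hybrid, legacy (v1 only) or none."""
    fstypes = {f[1]: f[2] for f in map(str.split, mounts_text.splitlines()) if len(f) >= 3}
    if fstypes.get("/sys/fs/cgroup") == "cgroup2":
        return "unified"
    if "cgroup" not in fstypes.values():
        return "none"
    return "hybrid" if "cgroup2" in fstypes.values() else "legacy"

def status(grub_text, proc_cmdline, mounts_text):
    """Compare the configured flag, the booted flag and the mounted hierarchy."""
    wanted = flag_value(grub_default_cmdline(grub_text)) == "0"
    booted = flag_value(proc_cmdline) == "0"
    mode = cgroup_mode(mounts_text)
    if wanted and not booted:
        return f"pending ({mode}): run update-grub and reboot"
    if booted and mode != "unified":
        return f"active ({mode}): cgroup v1 controllers in use"
    return f"not applied ({mode})"

# Constructed sample inputs (not captured from a real host).
GRUB = 'GRUB_CMDLINE_LINUX_DEFAULT="quiet systemd.unified_cgroup_hierarchy=0"\n'
CMDLINE_OLD = "BOOT_IMAGE=/vmlinuz root=/dev/vda1 ro quiet"
CMDLINE_NEW = CMDLINE_OLD + " systemd.unified_cgroup_hierarchy=0"
MOUNTS_V2 = "cgroup2 /sys/fs/cgroup cgroup2 rw,nosuid,nodev,noexec 0 0\n"
MOUNTS_HYBRID = ("tmpfs /sys/fs/cgroup tmpfs ro,nosuid,nodev,noexec 0 0\n"
                 "cgroup2 /sys/fs/cgroup/unified cgroup2 rw,nosuid 0 0\n"
                 "cgroup /sys/fs/cgroup/memory cgroup rw,nosuid,memory 0 0\n")

if __name__ == "__main__":
    print(status(GRUB, CMDLINE_OLD, MOUNTS_V2))       # before the reboot
    print(status(GRUB, CMDLINE_NEW, MOUNTS_HYBRID))   # after the reboot
```

On a real host, pass the contents of /etc/default/grub, /proc/cmdline and /proc/mounts to `status()`.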

Hmmmm... I'm trying to think about what else is worth mentioning, eh, I suppose my lxc.idmap config was much simpler than what I was struggling with a week or more ago. It was simply to have in /etc/subuid (and /etc/subgid too, exact same) username:100000:65536 and the lxc.idmap to correspond to it like lxc.idmap = u 0 100000 65535, same for group, BUT *NOTE:* I did in fact have some errors when I tried to use only 10000 and 20000 UIDs (which is the last number for both /etc/subuid, and lxc.idmap in /etc/lxc/default.conf || ~/.config/lxc/default.conf) and INDEED, or at least on Debian 12, you NEED the full 65536 UIDs/GIDs, no doubt.
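A consistency check for the mapping described above, as an added example (not the author's code): it verifies that every lxc.idmap host range lies inside the user's /etc/subuid or /etc/subgid delegation, and flags maps that leave container ID 65534 (Debian's nobody/nogroup) unmapped. That second check is an assumption about why smaller ranges cause trouble, not something the post states; the user name "alice" and the function names are hypothetical.

```python
import re

IDMAP_RE = re.compile(r"^\s*lxc\.idmap\s*=\s*([ug])\s+(\d+)\s+(\d+)\s+(\d+)\s*$")
NOBODY = 65534  # Debian's nobody/nogroup ID

def parse_subid(text, user):
    """Return [(first, end_exclusive)] delegated to `user` in subuid/subgid text."""
    ranges = []
    for line in text.splitlines():
        parts = line.strip().split(":")
        if len(parts) == 3 and parts[0] == user:
            first, count = int(parts[1]), int(parts[2])
            ranges.append((first, first + count))
    return ranges

def parse_idmap(config_text):
    """Return [(kind, container_first, host_first, count)] from lxc.idmap lines."""
    maps = []
    for line in config_text.splitlines():
        m = IDMAP_RE.match(line)
        if m:
            maps.append((m.group(1), *map(int, m.group(2, 3, 4))))
    return maps

def check_idmap(config_text, subuid_text, subgid_text, user):
    """Return a list of problems; an empty list means the map is consistent."""
    delegated = {"u": parse_subid(subuid_text, user),
                 "g": parse_subid(subgid_text, user)}
    maps = parse_idmap(config_text)
    problems = []
    for kind, ct, host, count in maps:
        if not any(lo <= host and host + count <= hi for lo, hi in delegated[kind]):
            problems.append(f"{kind}: host range {host}-{host + count - 1} "
                            f"is not delegated to {user}")
    for kind in "ug":
        mine = [(ct, ct + n) for k, ct, _, n in maps if k == kind]
        if not mine:
            problems.append(f"{kind}: no lxc.idmap entry")
        elif not any(lo <= NOBODY < hi for lo, hi in mine):
            problems.append(f"{kind}: container ID {NOBODY} is unmapped")
    return problems

# Constructed sample data mirroring the values in the post ("alice" is a placeholder).
SUBID = "alice:100000:65536\n"
CONFIG = "lxc.idmap = u 0 100000 65535\nlxc.idmap = g 0 100000 65535\n"
SMALL = "lxc.idmap = u 0 100000 20000\nlxc.idmap = g 0 100000 20000\n"

if __name__ == "__main__":
    print(check_idmap(CONFIG, SUBID, SUBID, "alice"))  # consistent
    print(check_idmap(SMALL, SUBID, SUBID, "alice"))   # flags ID 65534
```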

EH, I hope this helps somebody! This will for sure help myself for next time, and serve as a nice short point of reference. Have some B A S S: Albion Collective Presents Teffa. Here's the SoundCloud link. pEAcE.. ✌️

Tags: LXC, system-administration, linux, servers, nginx, selinux, cgroups, containers, packets

For fear of a dead link

July 06, 2025 — t̷h̷e̷8̷w̷o̷o̷d̷c̷u̷t̷t̷e̷r̷

Not always a good thing! That is getting lost in hypertext world! Here's the new, and permanent URL for my cgit instance: ccgit.packets.cc. I renamed my cgit project because c, for my XMPP nickname chunk, seemed too convenient to pass up. I can't really say that I legitimately forked cgit so I don't know what kind of repository it would actually be considered. However its general purpose, though it's currently private and sorry to disappoint you now, is install.sh and the fact that for my iteration on any new webserver this works 100% correctly. I am really really stoked about that because I did indeed put some effort into smoothing out all its undocumented hiccups, cgit that is. Also I have made it pretty, yay!

I am stoked to keep my eyes open for more inspiring open source projects like xserver or xlibre that are like, doing good work. I can not promise perfect uptime, cuz yea, but I wish to mirror more cool stuff on it. The next bout of development for this project is non-existent yet, but probably at some point I might work into it my own unique way of using Linux server OS and some funky backend user/repo/project management. As well, though I'm still not sure how, I think it would be very nice to make a mini login, but using Linux server OS actual users and perhaps PAM authentication and accounting, but without giving users shells, and allow members of a little community to have their own cooperative access to repos. That would be very damn cool. It's quite possible that for my first quantifiable exercise in C programming, ccgit/cgit will be my first interest :D

Tags: ccgit, cgit, cgi, fcgiwrap, nginx, git, repositories, THEARMADA, chunk, codez

New Post 5 Minutes in the Future

April 02, 2025 — t̷h̷e̷8̷w̷o̷o̷d̷c̷u̷t̷t̷e̷r̷

In the spirit of a new post I thought I would state that it's like a new time, honestly, for me. I've gotten past a longsuffering and under God's heavenly clouds I see happiness! Praise the Lord! I have gotten a public (I think it's called an SVN?) cgit website/server up now! I've been having helluva lot of fun with that since yesterday. The address is cgit.packets.cc which is a subdomain of my XMPP server packets.cc (click to join muc chat in your xmpp client!). I hope you like it, if you are going to follow along with the development of THE ARMADA, a (currently) lone enterprise. That's all I wanted to share, have a good one out there! Don't go to sketchy websites, pay close attention to everything! The white van isn't what you think it is! HaHaHa!!! (not funny I know) ....

Tags: news, freedom, fresh-start, good-times, no-more-haste, programming, lua, cgit, python, golang, php, nginx, system-administration, hosting, xmpp



.. - 𝕥𝕙𝕖𝟠𝕨𝕠𝕠𝕕𝕔𝕦𝕥𝕥𝕖𝕣...-..