┏┓┏┓╋╋╋╋╋╋╋╋╋╋┏┓╋╋╋┏┓┏┓
┃┗┫┗┳━┳┳┳┳━┳━┳┛┣━┳┳┫┗┫┗┳━┳┳┓
┃┏┫┃┃┻┫┃┃┃╋┃╋┃╋┃━┫┃┃┏┫┏┫┻┫┏┛
┗━┻┻┻━┻━━┻━┻━┻━┻━┻━┻━┻━┻━┻┛

Blog Home :: Videos :: All Posts :: Tags :: RSS :: IMG :: About :: Test :: Gift 4 You ::

Recent Good Times 🪕

August 08, 2025 — t̷h̷e̷8̷w̷o̷o̷d̷c̷u̷t̷t̷e̷r̷

Ever get a hunch, or a predication, or a scent of the future? I would be filled with praise and joy.

So I recently rented a dedicated hardware server for not bad money, compared to the market. I very much enjoy the systems these folks have. I honestly wouldn't have had any plans what to do with it except solely to tinker with it, and test out more advanced software in a case where I "theoretically could" migrater my VPS services and sites to it. So I wandered into some nice software actually!

I've used cockpit before but never at any length. This time I've made that work, and been seeing much of what it can do. It's system admin server management software that's hosted on the dedicated server for use of managing virtual machines, monitoring resources, managing performance and also VERY CONVENIENTLY it has a log viewer! I do think, but don't quote me on it, it monitors journald. However this cockpit, as far as I can tell, was created by RHEL (Red Hat Enterprise Linux) devs it utilizes qemu/kvm and libvirt for it's virtualization panel. Mind you, that I think is an extra extension to install. Since I installed all the available extensions on debian 12 repositories I had to deal with a thing called PCP (Performance Co-Pilot, which combined with installing tuned, granted me quite a few performance profile options, and an intense amount of indepth logging available for the debian 12 base bare metal OS.

One thing I had to deal with was however, that with PCP there's a number of related processes, it's modular in nature, and they almost all of them open a lot of ports on your public interface AND VOID MY WHITELIST FIREWALL!!! That was not cool, and it's not like you know, entire public IP ranges aren't known, and bombed with fuzzers, and some worse than others. And, it's not like you know, that any sofware is "just good", "nah, she's good n secure, don worry bout it", BULLSHIT, smh, it superceded my firewall even. I fixed that though, I was just suprised.

Another thing I'm working on rather heavily is packets flask app project. My twtxt apparatus, for microblogging, and I plan to tie it to XMPP using a SliXMPP library XMPP bot that can accept commands from MUC group chat or PM privately, and post automatically. I have a number of other cool ideas, but I don't wanna really tell anybody cuz I've found not many if anybody really gives a shit. Oh well. However I think the web application, once really polished up and beyond a proper v1.0, should probably actually be enticing for folks, and DEFO one of a kind for sure!

Yea, and as much as I'd like to work on this blog, and have converted it to pythons, and fixed things like the templating being a pain, and the fact I can't use block CSS elements inside of posts (grrrrrr), pyblog project is still basically in competition for dead last on my priorities for programming. However have you noticed the cool new styles updates? LoL I went down the rabbit hole again ⛳🐇

Tags: good-times, news, the8woodcutter, system-administration, sysops, linux, debian12, flask, packets

Linux Containers Success!

July 14, 2025 — t̷h̷e̷8̷w̷o̷o̷d̷c̷u̷t̷t̷e̷r̷

Greetings people of spaaace! There's a moth flying around space here too right now. I am glad to announce a first time major success with LXC containers! I finally had the patience to get down to dealing with, at the beginning, such an amount of debugging required and pull through. Thing is? I didn't watch a single video, I didn't do a single course online, I didn't even get any first hand advice or help! I simply forged my way through it. So I thought I would document here some of the key parts of what I discovered were things LXC needs for Debian 12.

Also, it's worth mentioning that this summer has been going really well for advanced Linux system administration, for me. Previously, suppose it was last week, I had gotten a SELinux Debian 12 VM configured well enough to launch to a new cloud platform. I struggled with a new one, it was Kamatera.com, and they honestly were not great. Their image init system rekt my SELinux user contexts I had setup for UID 1000, first unprivileged user, otherwise the sysadmin_r. I ended up paying off my balance with Digital Ocean. Yea, these guys effortlessly, programmatically, without intervention took my Debian 12 SELinux VM and made it a server. However I ultimately didn't go with it, because it still required a LOT of work and when you upload your own image you don't get automatically ipv6. It was going to be far too much work to do.

So anyways, about LXC I discovered a number of new concepts, or concepts in more depth, such as Control Groups, as part of the Linux kernel. With this came the need to understand SUBUID/SUBGID (man 5 subuid). With this concept also comes namespaces (man 7 namespaces). Included in these things to learn I've learned a bunch of new Linux concepts and commands, which to me was very cool and a bit exciting as it's been quite a long time since I've bothered my OS in such depth 😁

One drawback about LXC is that often if you change something serious enough you might have to reboot your host. This is aggravating to do on this public web facing server, when there's folks chatting on xmpp://wwan@muc.xmpp.packets.cc, but I got it done. I found that apparmor, which is Debian's default (and crap imo) LSM (linux security module), tended to cause problems, so I recommend you get apparmor configured totally, even before you work with LXC. One of the biggest gains with my efforts was configuring unprivileged containers, meaning, having my own $USER be able to use and work all the lxc-* commands, and also stash the rootfs for each container in ~/.local/share/lxc/{name}/{config,rootfs}. I sought after this because on this invaluably resourceful page it says that LXC containers get basically no security benefits from being started under root user. I took this very seriously.

I'll let you know of a very hard to find bit of information, and I'll be happy to put it here for my own future reference, but something confuses the Debian kernel or somesuch where cgroup version 1 is what it prefers, otherwise it COMPLETELY ruins LXC, and I wasn't really able to find anything that stood out, and came across a forum page where somebody asked for help, and the one line of that whole page that matters incredibly is to put systemd.unified_cgroup_hierarchy=0 in GRUB_CMDLINE_LINUX_DEFAULT="", then ofc run update-grub and reboot. What this does is disable cgroups v2, where the heirarchy for all the groups is unified, and apparently this is better, but disabling that made my stuff sing, and I was ever stoked. Perhaps there's some way to improve my setup and use v2 cgroups 🤔

Hmmmm... I'm trying to think about what else is worth mentioning, eh, I suppose my lxc.idmap config was much simpler than I was struggling with a week or more ago. It was simply to have in /etc/subuid (and /etc/subgid too exact same) username:100000:65536 and the lxc.idmap to correspond to it like lxc.idmap = u 0 100000 65535, same for group, BUT *NOTE:* I did in fact have some errors when I tried to use only 10000 and 20000 UID's (which is the last number for both /etc/subuid, and lxc.idmap in /etc/lxc/default.conf || ~/.config/lxc/default.conf) and INDEED, or at least on Debian 12, you NEED the full 65536 UID/GID's, no doubt.

EH, I hope this helps somebody! This will for sure help myself for next time, and serve as a nice short point of reference. Have some B A S S: Albion Collective Presents Teffa. Here's the SoundCloud link. pEAcE.. ✌️

Tags: LXC, system-administration, linux, servers, nginx, selinux, cgroups, containers, packets

New Post 5 Minutes in the Future

April 02, 2025 — t̷h̷e̷8̷w̷o̷o̷d̷c̷u̷t̷t̷e̷r̷

In the spirit of a new post I thought I would state that it's like a new time, honestly, for me. I've gotten past a longsuffering and under God's heavenly clouds I see happiness! Praise the Lord! I have gotten a public (i think it's called an SVN?) cgit website/server up now! I've been having helluva lot of fun with that since yesterday. The address is cgit.packets.cc which is a subdomain of my XMPP server packets.cc (click to join muc chat in your xmpp client!). I hope you like it, if you are going to follow along with the development of THE ARMADA, a (currently) lone enterprise. That's all I wanted to share, have a good one out there! Don't go to sketchy websites, pay close attention to everything! The white van isn't what you think it is! HaHaHa!!! (not funny I know) ....

Tags: news, freedom, fresh-start, good-times, no-more-haste, programming, lua, cgit, python, golang, php, nginx, system-administration, hosting, xmpp


.. - 𝕥𝕙𝕖𝟠𝕨𝕠𝕠𝕕𝕔𝕦𝕥𝕥𝕖𝕣...-..