For the last 3 years I have been using djbdns on SmartOS and it has all been working great. Recently however, I started looking into DNSSEC and DNSCrypt, which ended up leading me to the OpenNIC Project.

I decided to change my home DNS server setup to forward OpenNIC DNS servers over an encrypted channel as opposed to using OpenDNS like I did with djbdns.

To set this up, I have a zone with dnsmasq and dnscrypt-proxy running

• dnsmasq - listens globally on port 53 for incoming DNS requests, answers local domain DNS requests for my network, and forwards the rest to dnscrypt-proxy
• dnscrypt-proxy - listens locally on port 5300 for incoming DNS requests from dnsmasq and forwards them securely to an OpenNIC DNS server

Install

To start, install dnsmasq with the following command:

pkgin in dnsmasq

Installing dnscrypt-proxy requires a little bit more work as it is currently not in pkgsrc. To install it, we need to pull in some dependencies.

Read More...

At home I have a zone dedicated to running an OpenVPN server. With this I can connect to my home network securely on both my laptop and phone when I'm away.

I followed this guide for getting the zone ready to route properly for OpenVPN, and then used Easy-RSA to generate the certificates needed.

Zone Setup

To get started, make sure the zone is created with allow_ip_spoofing enabled on the NIC of the zone. I used a payload similar to this to create the vpn zone.

{
  "brand": "joyent",
  "image_uuid": "221635c4-3b85-11e8-b6ba-23f68c9bf2c4",
  "autoboot": true,
  "alias": "vpn",
  "hostname": "vpn.rapture.com",
  "dns_domain": "rapture.com",
  "resolvers": [
    "10.0.1.2",
    "10.0.1.3"
  ],
  "ram": 512,
  "nics": [
    {
      "nic_tag": "admin",
      "ip": "10.0.1.41",
      "allow_ip_spoofing": true,
      "netmask": "255.255.255.0",
      "gateway": "10.0.1.1",
      "primary": true
    }
  ]
}

Read More...

Three years ago I set up SmartOS as a Home Router which required creating a zone specifically for handling DHCP requests on my network. As part of wanting to have more visibility into my network, I wrote a program to notify me whenever a new DHCP lease was given out by the server.

https://github.com/bahamas10/node-dhcpd-notifier

Read More...

After installing Bash on Ubuntu on Windows I realized some interesting side effects related to how processes and daemons in the Unix environment are handled. Running a process in the background, or daemonizing a process, will work so long as there is a Bash session open on Windows. Once the last window is closed, all of the processes are cleaned up and killed.

I use ssh keys for authentication when connecting to remote servers which requires the use of ssh-agent. I can run this program manually and it will work so long as there is at least one bash session running on my computer, but once I close the last window the ssh-agent is killed and my keys are unloaded. I've found a couple guides online regarding ssh-agent and WSL specifically, but most of them assume the keys you are using are not password protected.

To remedy this situation, I managed to find a way to create a hidden terminal session that runs ssh-agent in foreground mode when I login to my computer which persists through sleeps and hibernations. This way, ssh-agent will run and stay running from the moment I login until the moment I logout (which is almost never, unless I reboot).

Read More...

Last week I made a big change in my life. In 2008, I switched off of using Windows (and even Linux) as my main Operating System for my laptop and haven't looked back... until this year. Last week I finally made the jump and bought a Microsoft Surface Pro.

I wanted something like an iPad, but that didn't feel like a crippled version of a computer. Instead, I wanted something that was a powerful computer that could double as a tablet (touchscreen and removable keyboard mostly).

Note: Some, if not all, of this guide may be deprecated with the release of the Windows 10 Fall Creators Update in 2017.

Read More...

If you have a Raspberry Pi on WiFi then you are probably aware of the struggles with it randomly disconnecting. If anything goes wrong with the WiFi (access point restarts, IP address changes, you look at the pi the wrong way, etc.) the WiFi will drop and never fix itself. I've written a script called net-dev-kick to kick the network device if a ping check fails.

https://github.com/bahamas10/net-dev-kick

There are a lot of small scripts floating around forums that do what net-dev-kick does (albeit, poorly and with a lot of assumptions) so I decided to clean it all up and make a simple yet robust program to deal with this situation.

This script attempts to ping a server that should always be up (use your router or something similar) and if it fails, it restarts the interface given as $1.

net-dev-kick is intended to be used on the raspberry pi to fix wlan0, but can theoretically be used on any machine to fix any interface. It's best used as a cronjob that runs every 5 or so minutes.

Read More...

Use Now Open to find places around you that are currently open

I created What's Open 3 years ago, but got a cease and desist for the name and pulled it from the market. Now, I have an LLC in place and a Trademark filed for Now Open, so it's back up under a new name!

Open this app to see a map that automatically zooms to your current location and shows every place around you that is open - Complete with "food" and "pizza" buttons!

• Find all places around you that are currently open
• See how long you have until a business closes (ie. 30 minutes left!)
• Search for keywords like "pasta", "Chinese", "bars", etc.
• Easily open your favorite maps app for navigation
• Quickly call any place you find
• Share places found on Facebook and Twitter
• Eat at new restaurants, visit new locations!
• Great for finding late night spots

I recently made a new storage server to replace my old one to keep up with my growing space requirements (I think 40T should hold me over for a while!). I store all of my movies, music, tv shows, etc. on it, as well as all of my backups. All of my laptops and desktop computers also backup to this server using rsync.

While it's all stored on SmartOS using the ZFS filesystem in a raid setup that can handle 2 or more drive failures without data loss, it still worries me because it is all stored in one physical location: my closet. If there is a fire or some other disaster like that, all of my data could potential be lost.

To remedy this, I've repurposed the server I replaced (my old storage server) to be an off-site backup server that is used solely for ZFS receive. This server now runs FreeBSD, which you can read about in my blog post here

Automatic Snapshots

Before diving into my off-site backup solution, the first thing to talk about is how I handle automatic ZFS snapshots, and also removing snapshots as they get too old.

zfs-snapshot-all

https://github.com/bahamas10/zfs-snapshot-all

Recursively snapshot all zpools

I use this program to snapshot all zpools on my new storage server automatically in cron. My crontab looks something like this:

Read More...

I recently set up a server at my buddies house for remote, off-site, backups using ZFS send/recv. Since SmartOS is lacking any sort of encryption for ZFS I instead used FreeBSD with geli. This way, I get the benefits of ZFS incremental send and receive for doing backups, with the security of knowing my data is encrypted on disk.

To ensure maximum security, I made sure the passphrase for unlocking the drives was not stored anywhere on the server itself, and instead would require manual intervention on my part to decrypt the drives anytime the server is rebooted. To do this, I created 2 pools:

• zroot - the main pool, mounted at /, unencrypted
• paper - the pool used for backups, mounted at /paper, encrypted

The server will boot into the operating system automatically, and from there I must run a script to unlock the drives and import the paper pool.

PS: The zpool is called paper because the server is called paperdyne. That name was cleverly derived from dataDyne (my storage server) and @papertigerss (my buddy whose house this server now lives).

Setup

Install FreeBSD

The first step, of course, is to install FreeBSD. Go to the website, make a bootable USB (or DVD, or CD, or whatever) and install it.

Read More...

It's been 5 years since I created my first storage server and was now approaching full capacity - I was at 90% used out of 9.5TB available. I built a new server with over 40TB usable to replace this server, and will be using the old server for offsite backups eventually.

The new server will run SmartOS like the server it is replacing, and will run almost all of the same zones as the original

Parts

Server parts

• 20x Hitachi Global Storage 0B26885 UltraStar 4TB SAS2 3.5in 7200RPM 64MB Bare
• 5x Cable Matters® Mini-SAS to 4 SATA Forward Breakout Cable - 1m
• 3x SAS9211-8I 8PORT Int 6GB Sata+sas Pcie 2.0
• 2x Crucial 16GB Kit (8GBx2) DDR3/DDR3L-1600MT/s (PC3-12800) DR x8 ECC UDIMM Server Memory CT2KIT102472BD160B/CT2CP102472BD160B
• 1x Thermaltake Cooling Fan for Intel Core i7/i5/i3 CL-P0556
• 1x SUPERMICRO MBD-X9SCL-F-O LGA 1155 Intel C202 Micro ATX Intel Xeon E3 Server Motherboard
• 1x Intel Xeon Quad-Core Processor E3-1230 v2 3.3GHz 8MB LGA 1155 CPU LGA BX80637E31230V2
• 1x Corsair CX Series 750 Watt ATX/EPS Modular 80 PLUS Bronze ATX12V/EPS12V 744 Power Supply CX750M

Rack and case parts

• 1x Tripp Lite SR4POST13 13U 4-Post Open Frame Rack Cabinet Square Holes 1000lb Capacity
• 1x NORCO 4U Rack Mount 20 x Hot-Swappable SATA/SAS 6G Drive Bays Server Rack mount RPC-4020
• 1x RL-26 26" 3-sections Ball Bearing Slide Rail
• 1x Norco 120mm fan wall bracket
• 3x Noctua NF-P12 120mm x 25mm Cooling Fan 3-Pin - 1300 RPM
• 2x Noctua NF-R8 80mm Fan (31 CFM)

Specs

The new build has 20x 4TB SAS drives, 32GB of ECC ram, and an Intel Xeon Quad Core 3.3GHz processor.

Memory

# prtconf | grep Memory
Memory size: 32740 Megabytes

Processor

# psrinfo -vp
The physical processor has 4 cores and 8 virtual processors (0-7)
  The core has 2 virtual processors (0 4)
  The core has 2 virtual processors (1 5)
  The core has 2 virtual processors (2 6)
  The core has 2 virtual processors (3 7)
    x86 (GenuineIntel 306A9 family 6 model 58 step 9 clock 3300 MHz)
      Intel(r) Xeon(r) CPU E3-1230 V2 @ 3.30GHz

Read More...