I’ve a private mailserver with a web interface behind a proxy at home. It’s that proxy that obtains certs from LetsEncrypt every few months.

I’m using the same certs for the mail gateways (smtpd, ical and so on) behind the scenes, and it’s annoying to keep the certs in sync, so my Evolution (mail client) would greet me once every few months with an obsolete cert warning.

No more! Why repeat these steps manually again and again if I can just utilize the power of systemctl --host and scp?

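#!/bin/bash
set -euo pipefail  # abort before the restarts if the copy fails
# Copy the current cert files to the mail VM
scp /etc/letsencrypt/live/mail.example.com/* 192.0.2.152:/etc/letsencrypt/live/mail.example.com/
# Restart every service that serves these certs
for i in postfix mail-gateway mail-ical; do systemctl --host 192.0.2.152 restart "${i}"; done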

This may run as a hook script for certbot or simply via cron once a week 🤷

(Yes yes, we can argue all day why this box can log in to another via ssh as root with just a key to this single virtual machine on my internal network. This is a homelab set-up and gaining access to the proxy would be a disaster already since this one terminates HTTPS already *and* has the cert keys.)

Therefore the paper ticket D-Ticket JugendBW February, in conjunction with the enclosed confirmation letter, remains valid in July as well, until the chip card is delivered.

That is our at its limit. The kids have been riding along with the since March(!) on the expired February ticket, because the newly introduced chip card D-Ticket still could not be made available.

Oh well, summer holidays start in 3 weeks, then the matter is settled anyway.

So, Timelines released today. Bagged it, of course. Don’t even really know what’s coming but the X series are something I enjoy since X: Beyond The Frontier in 1999. Kinda rad that a company that old managed to stay in business and true to their very own franchise.

Oh and also native for PC, my daily (and only) system for .

I could ramble on why X4 is a great Space Pew Pew game but others can do that much better. Like ObsidianAnt for example: https://www.youtube.com/watch?v=YCcaA1FAuAg

TIL (and I know I’m late for the party): protontricks can set the env for Steam in a very comfortable way to run another exe in the same wine prefix/bottle/compatData folder for an already running game. Useful for companion apps of games or e.g. OpenTrack. I used to do this manually with little scripts 🤓

protontricks-launch ~/.steam/steam/steamapps/compatdata/1069190/pfx/drive_c/opentrack/install/opentrack.exe

I had the chance to play Flight Of Nova (https://flight-of-nova.com/) for the first time today. This was on my wishlist for quite some time now. Dived in blind and had no idea what to expect. 3 tutorial missions later: Oh boy… this is hard. I can see myself sinking many hours in this.

Anyway, as usual, my focus is on interfacing with my home cockpit (or simpit) and while there is no ship telemetry [yet?] I was able to get it running just fine via Proton and with my DIY headtracker using OpenTrack. Hats off, it’s seldom that I see a game that detects my joystick just fine, has great ingame calibration, offers me a windowed mode and a bunch of ultra-wide resolutions without having to resort to hacking config files or using gamescope to resize it ❤️

Head tracking is, as usual, TrackIR only so far (I guess the native Linux PC version does not have UDP in place here but I couldn’t check due to Steam refusing to download another version today). Anyway, you can see me fooling around with the buttons and doing an A+ crash landing in the end – sunny side up 😆 Not too shabby considering that this was my 3rd landing ever.

Pick your poison: https://www.youtube.com/watch?v=r2A_uVbUKWU / https://tube.tchncs.de/w/iV21V6EZxNCTsC8bvsCQDt

Fedora used to have fancy modules for things like node, which allowed fast install and switch of a specific version: https://developer.fedoraproject.org/tech/languages/nodejs/nodejs.html e.g. with dnf module install nodejs:8

This is no longer the case starting with Fedora 38: https://fedoraproject.org/wiki/Changes/NodejsRepackaging – which suggests installing an alternative [supported] version, e.g. with dnf install nodejs18. While this works, it did not adjust the default link of /usr/bin/node to nodejs18 like the old command would have done, so ANY not-packaged-for-Fedora project will still default to /usr/bin/node, which in my case points to node-20 at the time of writing. The article suggests using the update-alternatives command to change this but it does not give an example.

And since I will forget this by tomorrow here is one, that adds a new entry for node to alternatives and adds a symlink for /usr/bin/node to /usr/bin/node-18 with a priority of 18:

> sudo update-alternatives --install /usr/bin/node node /usr/bin/node-18 18
> update-alternatives --list

Should there already be one with a higher priority, so that the list does not update with the command, it has to be overridden with a manual setter:

> sudo update-alternatives --set node /usr/bin/node-18
> update-alternatives --list

yw.

Everybody: Help! suspend isn’t working

Me: Help! Suspend _is_ working

So… today I noticed that I forgot something on my Fedora Workstation at home. No problem, we have Wireguard, no? So I asked a family member to start my computer at home, which they did, and I logged into my box via ssh.

After that I had to install a program first before starting my work so I installed it via sudo. The dnf command succeeded and directly after that – to my _utter_ surprise – the terminal printed the message “The system is going into suspend NOW”.

And it was gone. Just like my family members, who left the building in the meantime. WoL didn’t succeed. Work delayed 🤷

I was flabbergasted. And I tried it again later at home. If I do not log in via gdm… the system suspends on its own again!

What on earth is doing this and how can I stop this from happening again???

Hello with client cert my old friend. Today I needed to connect a ticket system to you.

I had to tweak it a little though, because I have no idea where to put client certificates for Python’s requests lib and my current customer requires that. Any HTTPS request without one will fail with status code 400: No required SSL certificate was sent. On top of that it’s self-signed, so let’s ignore self-signed server certs (I know…).

For this I edited ~/.local/lib/python3.11/site-packages/bugzilla/_backendxmlrpc.py line 43 from this:

        # pylint: disable=raise-missing-from
        try:
            response = self.__bugzillasession.request(
                "POST", url, data=request_body)

to

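        # pylint: disable=raise-missing-from
        # Defaults: no client cert, normal server certificate validation
        cert = None
        verify = True

        # Only this host gets the client cert; verify=False turns off
        # server certificate validation for it (self-signed server cert)
        if url.startswith('https://bugzilla.example.com/'):
            log.debug("Adding client certs for url: %s", url)
            cert = ('/path/to/client.crt', '/path/to/client.key')
            verify = False

        try:
            response = self.__bugzillasession.request(
                "POST", url, verify=verify, data=request_body,
                cert=cert)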

This time I even added my extra bits in a conditional way so other bugzilla configs should not be affected. There may be better ways to achieve this but I’ve seen no obvious one in the docs at https://bugwarrior.readthedocs.io/en/latest/services/bugzilla.html – YMMV.
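
A variant of the conditional above that keeps server validation on, as an added example (not code from python-bugzilla or bugwarrior): requests accepts a path to a PEM file for verify, so a copy of the self-signed server cert can be trusted for this one host instead of passing verify=False. The names PINNED_HOSTS and tls_kwargs and all file paths are hypothetical placeholders.

```python
from urllib.parse import urlsplit

# Hypothetical per-host TLS settings; every path here is a placeholder.
# "server_ca" is a PEM copy of the server's self-signed certificate.
PINNED_HOSTS = {
    "bugzilla.example.com": {
        "cert": ("/path/to/client.crt", "/path/to/client.key"),
        "server_ca": "/path/to/bugzilla-server.pem",
    },
}

DEFAULT_TLS = {"cert": None, "verify": True}


def tls_kwargs(url, pinned=PINNED_HOSTS):
    """Return the cert/verify keyword arguments to pass to requests for url."""
    parts = urlsplit(url)
    # .hostname is lower-cased and excludes userinfo and port, so
    # "https://BUGZILLA.example.com:443/" matches while look-alike hosts
    # such as "bugzilla.example.com.other.test" do not.
    entry = pinned.get(parts.hostname or "")
    # The client key is only offered for an exact host match over HTTPS.
    if parts.scheme != "https" or entry is None:
        return dict(DEFAULT_TLS)
    # verify=<path> validates the server against that PEM file only.
    return {"cert": entry["cert"], "verify": entry["server_ca"]}


# Usage inside the patched call (session and request_body as in the post):
#   session.request("POST", url, data=request_body, **tls_kwargs(url))
```

Hostname checking stays enabled with this approach, so the self-signed server cert has to list the host name it is reached under.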